Windows Analysis Report
oz9Blof9tN.msi

Overview

General Information

Sample name:oz9Blof9tN.msi
renamed because original name is a hash value
Original sample name:65bd52c6c75354696a891efbf47be141837d095953366f5dec823a0257126840.msi
Analysis ID:1483409
MD5:54e6bcb33159c34e4e35fc27073786fb
SHA1:74b6384f931cfd1c37e86bf62699d657b38faad2
SHA256:65bd52c6c75354696a891efbf47be141837d095953366f5dec823a0257126840
Tags:156-255-2-100msi

Detection

CobaltStrike
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected CobaltStrike
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Drops executables to the windows directory (C:\Windows) and starts them
Potentially malicious time measurement code found
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 1200 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\oz9Blof9tN.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3160 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3996 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 2FB75800E24C988F6C303CBA6166C7C4 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI460B.tmp (PID: 3396 cmdline: "C:\Windows\Installer\MSI460B.tmp" /DontWait /HideWindow "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe" MD5: C846B15B4C1FFFD0FB6B438E71670953)
  • ImmEnumInputContext9ed8e2f7ae.exe (PID: 6304 cmdline: "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe" MD5: 92FFD5A24BF3942FFA7AC182E4E0C171)
    • conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Cobalt Strike, CobaltStrike
Description: Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit. The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
Attribution:
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
{"BeaconType": ["HTTPS"], "Port": 18896, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "156.255.2.100,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
Yara matches (Source, Rule, Description, Author, Strings):
Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Author: Joe Security
Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Author: unknown
  • 0x137:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
Source: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Author: unknown
  • 0x1c93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Author: Joe Security
Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Author: Joe Security
        No Sigma rule has matched
        No Snort rule has matched
        Timestamp:2024-07-27T11:19:56.672500+0200
        SID:2028765
        Source Port:49704
        Destination Port:18896
        Protocol:TCP
        Classtype:Unknown Traffic
        Timestamp:2024-07-27T11:20:14.760009+0200
        SID:2022930
        Source Port:443
        Destination Port:49713
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:2024-07-27T11:20:52.809081+0200
        SID:2022930
        Source Port:443
        Destination Port:49739
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:2024-07-27T11:19:58.073924+0200
        SID:2841527
        Source Port:18896
        Destination Port:49704
        Protocol:TCP
        Classtype:Domain Observed Used for C2 Detected

        AV Detection

        Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 18896, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "156.255.2.100,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
        Source: https://156.255.2.100:18896/, Virustotal: Detection: 5%
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, ReversingLabs: Detection: 47%
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Virustotal: Detection: 60%
        Source: oz9Blof9tN.msi, ReversingLabs: Detection: 36%
        Source: oz9Blof9tN.msi, Virustotal: Detection: 46%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability

        Bitcoin Miner

        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_010020A0 LoadLibraryExW
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI460B.tmp, 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp, MSI460B.tmp, 00000004.00000000.1999454439.000000000054E000.00000002.00000001.01000000.00000003.sdmp, oz9Blof9tN.msi, MSI458D.tmp.1.dr, MSI460B.tmp.1.dr, 4b42f7.msi.1.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: oz9Blof9tN.msi, MSI4440.tmp.1.dr, 4b42f7.msi.1.dr, MSI452E.tmp.1.dr, MSI43E2.tmp.1.dr, MSI44DF.tmp.1.dr, MSI4480.tmp.1.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI460B.tmp, 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp, MSI460B.tmp, 00000004.00000000.1999454439.000000000054E000.00000002.00000001.01000000.00000003.sdmp, oz9Blof9tN.msi, MSI458D.tmp.1.dr, MSI460B.tmp.1.dr, 4b42f7.msi.1.dr
        Source: C:\Windows\System32\msiexec.exe, File opened: z:
        Source: C:\Windows\System32\msiexec.exe, File opened: x:
        Source: C:\Windows\System32\msiexec.exe, File opened: v:
        Source: C:\Windows\System32\msiexec.exe, File opened: t:
        Source: C:\Windows\System32\msiexec.exe, File opened: r:
        Source: C:\Windows\System32\msiexec.exe, File opened: p:
        Source: C:\Windows\System32\msiexec.exe, File opened: n:
        Source: C:\Windows\System32\msiexec.exe, File opened: l:
        Source: C:\Windows\System32\msiexec.exe, File opened: j:
        Source: C:\Windows\System32\msiexec.exe, File opened: h:
        Source: C:\Windows\System32\msiexec.exe, File opened: f:
        Source: C:\Windows\System32\msiexec.exe, File opened: b:
        Source: C:\Windows\System32\msiexec.exe, File opened: y:
        Source: C:\Windows\System32\msiexec.exe, File opened: w:
        Source: C:\Windows\System32\msiexec.exe, File opened: u:
        Source: C:\Windows\System32\msiexec.exe, File opened: s:
        Source: C:\Windows\System32\msiexec.exe, File opened: q:
        Source: C:\Windows\System32\msiexec.exe, File opened: o:
        Source: C:\Windows\System32\msiexec.exe, File opened: m:
        Source: C:\Windows\System32\msiexec.exe, File opened: k:
        Source: C:\Windows\System32\msiexec.exe, File opened: i:
        Source: C:\Windows\System32\msiexec.exe, File opened: g:
        Source: C:\Windows\System32\msiexec.exe, File opened: e:
        Source: C:\Windows\System32\msiexec.exe, File opened: c:
        Source: C:\Windows\System32\msiexec.exe, File opened: a:
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00540A10 FindFirstFileExW
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_00FEF360, 4x nop then cmp rdx, 40h
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_00FDB320, 4x nop then cmp rdx, rbx
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_00FFA580, 4x nop then shr r10, 0Dh
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_00FEFAA0, 4x nop then lock or byte ptr [rdx], dil
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_00FFBA00, 4x nop then shr r10, 0Dh

        Networking

        Source: Malware configuration extractorURLs: 156.255.2.100
        Source: global trafficTCP traffic: 192.168.2.5:49704 -> 156.255.2.100:18896
        Source: Joe Sandbox ViewASN Name: ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK
        Source: unknownTCP traffic detected without corresponding DNS query: 156.255.2.100
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.jquery.com/
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.jquery.com/9S
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2026764473.0000025F76009000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308875318.0000025F75FA6000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017374596.0000025F75FA7000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FAC000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2191865341.0000025F75FAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabG
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308875318.0000025F75FA6000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FAF000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017374596.0000025F75FA7000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FAC000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2191865341.0000025F75FAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c6786262e0
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100/
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2309083007.0000025F75FDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/hy
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js-2425835fc7d3
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js1.3.6.1.4.1.311.10.3.91.3.6.1.4.1.311.10.3.19
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06u
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsS
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2309083007.0000025F75FDB000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsc
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsdclHbog
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsg
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsjb
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsnc
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2191865341.0000025F75FDA000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider7
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsroviderD
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsryptnetUrlCache
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jst
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jststl.cab?c6786262e02c8735
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017544301.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsvider
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsw
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75FDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://156.255.2.100:18896/ll
        Source: ImmEnumInputContext9ed8e2f7ae.exeBinary or memory string: runtime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type non-Go function at pc=RtlLookupFunctionEntryRegisterRawInputDevicesCreateAccelerator

        System Summary

        Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Rule for beacon sleep obfuscation routine, Author: unknown
        Source: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Identifies CobaltStrike via unidentified function code, Author: unknown
        Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Rule for beacon reflective loader, Author: unknown
        Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Rule for beacon reflective loader, Author: unknown
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\4b42f7.msi
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI43E2.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI4440.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI4480.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI44DF.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI452E.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{0915C26A-4838-446F-95D6-9061AE0B204B}
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI458D.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI460B.tmp
        Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSI43E2.tmp
        Source: Joe Sandbox View, Dropped File: C:\Windows\Installer\MSI43E2.tmp CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
        Source: Joe Sandbox View, Dropped File: C:\Windows\Installer\MSI4440.tmp CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: String function: 00529E26 appears 71 times
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: String function: 00529DF3 appears 100 times
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: String function: 0052A1C0 appears 39 times
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: String function: 01006320 appears 512 times
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: String function: 01007E20 appears 89 times
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: String function: 01008640 appears 693 times
        Source: oz9Blof9tN.msi, Binary or memory string: OriginalFilenameviewer.exeF vs oz9Blof9tN.msi
        Source: oz9Blof9tN.msi, Binary or memory string: OriginalFilenameAICustAct.dllF vs oz9Blof9tN.msi
        Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
        Source: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
        Source: classification engine, Classification label: mal100.troj.evad.mine.winMSI@8/27@0/1
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_005062E0 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00507020 CoInitialize,CoCreateInstance,VariantInit,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,VariantInit,LocalFree,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00501D90 LoadResource,LockResource,SizeofResource
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\CML45C6.tmp
        Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DFF5CEB662862EABEF.TMP
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exeFile opened: C:\Windows\system32\39f92c109a8dd9329424c47503eedf00f58ba06624d67346b63dda6edce31e92AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
        Source: C:\Windows\Installer\MSI460B.tmp, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: oz9Blof9tN.msi, ReversingLabs: Detection: 36%
        Source: oz9Blof9tN.msi, Virustotal: Detection: 46%
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
        Source: ImmEnumInputContext9ed8e2f7ae.exe, String found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
        Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\oz9Blof9tN.msi"
        Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
        Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2FB75800E24C988F6C303CBA6166C7C4
        Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\Installer\MSI460B.tmp "C:\Windows\Installer\MSI460B.tmp" /DontWait /HideWindow "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
        Source: unknown, Process created: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: srpapi.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: uxtheme.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: textinputframework.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: coreuicomponents.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: coremessaging.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: ntmarta.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: propsys.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: textshaping.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: userenv.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: vcruntime140_clr0400.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: rstrtmgr.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: ncrypt.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: ntasn1.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: ntmarta.dll
        Source: C:\Windows\System32\msiexec.exe, Section loaded: cabinet.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: apphelp.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: aclayers.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: mpr.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: sfc.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: sfc_os.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: msi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: logoncli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: logoncli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: logoncli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: msasn1.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: logoncli.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: windows.ui.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: windowmanagementapi.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: textinputframework.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: inputhost.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: coreuicomponents.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: coremessaging.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: ntmarta.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: coremessaging.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: twinapi.appcore.dll
        Source: C:\Windows\SysWOW64\msiexec.exe, Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\Installer\MSI460B.tmp, Section loaded: msi.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Section loaded: apphelp.dll, winmm.dll, powrprof.dll, umpdc.dll, wininet.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, sspicli.dll, mswsock.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, gpapi.dll, cryptnet.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, cabinet.dll, ncrypt.dll, ncryptsslp.dll
        Source: C:\Windows\Installer\MSI460B.tmp, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
        Source: oz9Blof9tN.msi, Static file information: File size 2541568 > 1048576
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbD source: MSI460B.tmp, 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp, MSI460B.tmp, 00000004.00000000.1999454439.000000000054E000.00000002.00000001.01000000.00000003.sdmp, oz9Blof9tN.msi, MSI458D.tmp.1.dr, MSI460B.tmp.1.dr, 4b42f7.msi.1.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: oz9Blof9tN.msi, MSI4440.tmp.1.dr, 4b42f7.msi.1.dr, MSI452E.tmp.1.dr, MSI43E2.tmp.1.dr, MSI44DF.tmp.1.dr, MSI4480.tmp.1.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI460B.tmp, 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp, MSI460B.tmp, 00000004.00000000.1999454439.000000000054E000.00000002.00000001.01000000.00000003.sdmp, oz9Blof9tN.msi, MSI458D.tmp.1.dr, MSI460B.tmp.1.dr, 4b42f7.msi.1.dr
        Source: ImmEnumInputContext9ed8e2f7ae.exe.1.dr, Static PE information: section name: .xdata
        Source: ImmEnumInputContext9ed8e2f7ae.exe.1.dr, Static PE information: section name: .symtab
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00529DD0 push ecx; ret 4_2_00529DE3
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_3_0000025F7CB5508E push edi; iretd 5_3_0000025F7CB5508F
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_3_0000025F7CB508EE push ss; iretd 5_3_0000025F7CB508F5
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_3_0000025F7CB529A1 push ds; ret 5_3_0000025F7CB529F7
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_3_0000025F7CB503E2 push cs; retf 5_3_0000025F7CB503E3
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBA935D push edi; iretd 5_2_0000025F7CBA935E
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBAAD58 push ebp; iretd 5_2_0000025F7CBAAD59
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBA971E push cs; retf 5_2_0000025F7CBA971F
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBB977E push EC9DD3C7h; retf 5_2_0000025F7CBB978C
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBCA86F push ebp; iretd 5_2_0000025F7CBCA870
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBCA84F push ebp; iretd 5_2_0000025F7CBCA850
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBAB91C pushad ; retf 5_2_0000025F7CBAB91D
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBAF901 push ebx; iretd 5_2_0000025F7CBAF902
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBCA898 push ebp; iretd 5_2_0000025F7CBCA899

        Persistence and Installation Behavior

        Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSI460B.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI4440.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI460B.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI43E2.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI44DF.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI4480.tmp
        Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI452E.tmp
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
        Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\msiexec.exe, Process information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_01034E60 rdtscp 5_2_01034E60
        Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI4440.tmp
        Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI43E2.tmp
        Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI44DF.tmp
        Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI4480.tmp
        Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI452E.tmp
        Source: C:\Windows\Installer\MSI460B.tmp, Check user administrative privileges: GetTokenInformation,DecisionNodes graph_4-35102
        Source: C:\Windows\Installer\MSI460B.tmp, API coverage: 4.6 %
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe TID: 6052, Thread sleep time: -39873s >= -30000s
        Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00540A10 FindFirstFileExW, 4_2_00540A10
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_010021E0 GetProcessAffinityMask,GetSystemInfo, 5_2_010021E0
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Thread delayed: delay time: 39873
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.2308728075.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F24000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000003.3017520327.0000025F75F82000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
        Source: ImmEnumInputContext9ed8e2f7ae.exe, 00000005.00000002.3238431748.0000025F75F24000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW`
        Source: C:\Windows\System32\msiexec.exe, Process information queried: ProcessInformation

        Anti Debugging

        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_01034E60 Start: 01034E69 End: 01034E7F 5_2_01034E60
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_01034E60 rdtscp 5_2_01034E60
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_005124B5 IsDebuggerPresent,OutputDebugStringW, 4_2_005124B5
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0054080C mov eax, dword ptr fs:[00000030h] 4_2_0054080C
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00539C75 mov ecx, dword ptr fs:[00000030h] 4_2_00539C75
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_005025B0 GetProcessHeap, 4_2_005025B0
        Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\Installer\MSI460B.tmp "C:\Windows\Installer\MSI460B.tmp" /DontWait /HideWindow "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0052A145 SetUnhandledExceptionFilter, 4_2_0052A145
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0052976D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_0052976D
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0052DFE6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_0052DFE6
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00529FB1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00529FB1
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00507840 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,EnumWindows,SetWindowPos,WaitForSingleObject,GetExitCodeProcess,GetWindowThreadProcessId,GetWindowLongW, 4_2_00507840
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_00529BFC cpuid 4_2_00529BFC
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 4_2_00544039
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: EnumSystemLocalesW, 4_2_0053E02D
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoW, 4_2_0054413F
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 4_2_0054420E
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoW, 4_2_0053E5AA
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoEx,FormatMessageA, 4_2_00512831
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 4_2_0054388F
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: EnumSystemLocalesW, 4_2_00543B37
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: EnumSystemLocalesW, 4_2_00543B82
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: EnumSystemLocalesW, 4_2_00543C1D
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 4_2_00543CB0
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoEx, 4_2_00528EB7
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: GetLocaleInfoW, 4_2_00543F10
        Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0052A205 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 4_2_0052A205
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Code function: 5_2_0000025F7CBB4E28 GetUserNameA,strrchr,_snprintf, 5_2_0000025F7CBB4E28
        Source: C:\Windows\Installer\MSI460B.tmp, Code function: 4_2_0053EA34 GetTimeZoneInformation, 4_2_0053EA34
        Source: C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Remote Access Functionality

        Source: Yara match, File source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.3239202728.0000025F7CBD1000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: ImmEnumInputContext9ed8e2f7ae.exe PID: 6304, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 11 Input Capture | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 35 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 131 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Process Injection | Proc Filesystem | 11 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 2 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
        IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
        Source | Detection | Scanner | Label
        oz9Blof9tN.msi | 37% | ReversingLabs | Win64.Backdoor.Cobeacon
        oz9Blof9tN.msi | 46% | Virustotal |

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe | 47% | ReversingLabs | Win32.Trojan.CobaltStrike
        C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe | 60% | Virustotal |
        C:\Windows\Installer\MSI43E2.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI43E2.tmp | 0% | Virustotal |
        C:\Windows\Installer\MSI4440.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI4440.tmp | 0% | Virustotal |
        C:\Windows\Installer\MSI4480.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI4480.tmp | 0% | Virustotal |
        C:\Windows\Installer\MSI44DF.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI44DF.tmp | 0% | Virustotal |
        C:\Windows\Installer\MSI452E.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI452E.tmp | 0% | Virustotal |
        C:\Windows\Installer\MSI460B.tmp | 0% | ReversingLabs |
        C:\Windows\Installer\MSI460B.tmp | 0% | Virustotal |

        No Antivirus matches

        Source | Detection | Scanner | Label
        bg.microsoft.map.fastly.net | 0% | Virustotal |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |  | unknown
        Name | Malicious | Antivirus Detection | Reputation
        156.255.2.100 | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
        IP | Domain | Country | ASN | ASN Name | Malicious
        156.255.2.100 | unknown | Seychelles | 137443 | ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK | true
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1483409
        Start date and time:2024-07-27 11:19:08 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 56s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:10
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:oz9Blof9tN.msi
        renamed because original name is a hash value
        Original Sample Name:65bd52c6c75354696a891efbf47be141837d095953366f5dec823a0257126840.msi
        Detection:MAL
        Classification:mal100.troj.evad.mine.winMSI@8/27@0/1
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 98%
        • Number of executed functions: 16
        • Number of non-executed functions: 184
        Cookbook Comments:
        • Found application associated with file extension: .msi
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 2.19.126.163, 2.19.126.137
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
        • Not all processes were analyzed, report is missing behavior information
        • Report size getting too big, too many NtDeviceIoControlFile calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        Time | Type | Description
        05:19:58 | API Interceptor | 1x Sleep call for process: ImmEnumInputContext9ed8e2f7ae.exe modified
        Match | Associated Sample Name / URL | Detection | Threat Name
        156.255.2.100 | 1x6jzcZeRu.exe | malicious | CobaltStrike
          No context
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):1382
                                                  Entropy (8bit):5.859081504848103
                                                  Encrypted:false
                                                  SSDEEP:24:2gVD8IkQdase5LN6dBHhh8I+sV8I9a8IbnAGHrz4o6X//GHrLwGHrrBpGHrpeGH0:27IQ4d9cdGVynfYIgL+
                                                  MD5:8867F995CF08C92C2EE6CB0D575777C2
                                                  SHA1:F82859DE82BAC53B0A32EB2C92F19B59104263D7
                                                  SHA-256:FE6707862A038F5AC0FA1CA8DECDF34A8FC39AFB434602B75B4659176350F514
                                                  SHA-512:72F9D9AB156CCA2DB595F9BB04F9344D6A398444D7D86A491EFFED9D58D7905D9E3399354EED95E8C7E80860875C57F11F180705CCD1724F4B31F771FDD09CFC
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                  Category:dropped
                                                  Size (bytes):71954
                                                  Entropy (8bit):7.996617769952133
                                                  Encrypted:true
                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):328
                                                  Entropy (8bit):3.100560621597864
                                                  Encrypted:false
                                                  SSDEEP:6:kKlI9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:dDnLNkPlE99SNxAhUe/3
                                                  MD5:20DF464651B910E919452E20A905129B
                                                  SHA1:853EF5EDAA74DE99A023F8F64FE7E895B7406EA8
                                                  SHA-256:EE040440922327E7B2E6EFAC52625B4FD88095F7E39B2979C8F59021C1A7412D
                                                  SHA-512:0219A0F11DE13ED4CC5AFDD46B0FE77DACFA6F8915092F3B5D1C7CDB8BE4186F70C04F952BB2152491614B055433E56D08A918AB4F9294F7051AD692E98B55B3
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1625600
                                                  Entropy (8bit):6.517580564741937
                                                  Encrypted:false
                                                  SSDEEP:24576:7iU7pMzxRZ09VSkbDj9yOVQNs8cotbCXcOhJJpQaoLJi7:mVR+9VSkvjRQNsLotuPfKJ
                                                  MD5:92FFD5A24BF3942FFA7AC182E4E0C171
                                                  SHA1:7C69105624BB5C58643288BB8D419ABFD3CD6E1E
                                                  SHA-256:7266644B3B822760ED8FE66104251BEC8BA51F8F01581D40E1E807CA82DD09D8
                                                  SHA-512:E3FEF5AABD9FB64227AA6F4D4D372DA998871FFEC8F985396D56E04B395942A7DF47D800BB330E3509BA60021832F19CCB9B705547E81F394EA88F095D55028E
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 47%
                                                  • Antivirus: Virustotal, Detection: 60%
                                                  Reputation:low
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 936, Revision Number: {1CF5B253-45C8-4A59-ABDD-E1EC47B34789}, Number of Words: 10, Subject: cloudchat, Author: cloudchat.inc, Name of Creating Application: cloudchat, Template: ;2052, Comments: Installer cloudchat , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Jul 8 03:46:57 2024, Last Saved Time/Date: Mon Jul 8 03:46:57 2024, Last Printed: Mon Jul 8 03:46:57 2024, Number of Pages: 450
                                                  Category:dropped
                                                  Size (bytes):2541568
                                                  Entropy (8bit):7.255363583796247
                                                  Encrypted:false
                                                  SSDEEP:49152:8lweWK9YwPhH9D+g5jvPm36W547vzV6fxhbFjDm5sL8KmypeKKR:rmD+2mqJgXbpS5jKml
                                                  MD5:54E6BCB33159C34E4E35FC27073786FB
                                                  SHA1:74B6384F931CFD1C37E86BF62699D657B38FAAD2
                                                  SHA-256:65BD52C6C75354696A891EFBF47BE141837D095953366F5DEC823A0257126840
                                                  SHA-512:0BDB594BE4FB8FC35AB1E3926A16605B49906FA2952BB5512286989B17780964C8380C4CDEB3A030473C4177A1F550CB2333BACD94A316F2052CEA2F9BD61559
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):756576
                                                  Entropy (8bit):6.616629532136608
                                                  Encrypted:false
                                                  SSDEEP:12288:+0WEHqIw3Gy6hFWBZGNTph0lhSMXle1Gf5PsTcuvX:+xDf3z6hFWHah0lhSMXlKW547vX
                                                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                                                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: intimacion6532.msi_intimacion6532.msi_84784.msi, Detection: malicious
                                                  • Filename: factura546532.msi_factura546532.msi_78870.msi, Detection: malicious
                                                  • Filename: FactuBoletaEletricidadCgeMAYO.msi_FactuBoletaEletricidadCgeMAYO.msi_49684.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: Xih96kXne2.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: 0Q9vOYCeed.msi, Detection: malicious
                                                  • Filename: f1kqfrs9ME.msi, Detection: malicious
                                                  Reputation:moderate, very likely benign file
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):756576
                                                  Entropy (8bit):6.616629532136608
                                                  Encrypted:false
                                                  SSDEEP:12288:+0WEHqIw3Gy6hFWBZGNTph0lhSMXle1Gf5PsTcuvX:+xDf3z6hFWHah0lhSMXlKW547vX
                                                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                                                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: intimacion6532.msi_intimacion6532.msi_84784.msi, Detection: malicious
                                                  • Filename: factura546532.msi_factura546532.msi_78870.msi, Detection: malicious
                                                  • Filename: FactuBoletaEletricidadCgeMAYO.msi_FactuBoletaEletricidadCgeMAYO.msi_49684.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: Xih96kXne2.msi, Detection: malicious
                                                  • Filename: setup.msi, Detection: malicious
                                                  • Filename: 0Q9vOYCeed.msi, Detection: malicious
                                                  • Filename: f1kqfrs9ME.msi, Detection: malicious
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):756576
                                                  Entropy (8bit):6.616629532136608
                                                  Encrypted:false
                                                  SSDEEP:12288:+0WEHqIw3Gy6hFWBZGNTph0lhSMXle1Gf5PsTcuvX:+xDf3z6hFWHah0lhSMXlKW547vX
                                                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                                                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):756576
                                                  Entropy (8bit):6.616629532136608
                                                  Encrypted:false
                                                  SSDEEP:12288:+0WEHqIw3Gy6hFWBZGNTph0lhSMXle1Gf5PsTcuvX:+xDf3z6hFWHah0lhSMXlKW547vX
                                                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                                                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):756576
                                                  Entropy (8bit):6.616629532136608
                                                  Encrypted:false
                                                  SSDEEP:12288:+0WEHqIw3Gy6hFWBZGNTph0lhSMXle1Gf5PsTcuvX:+xDf3z6hFWHah0lhSMXlKW547vX
                                                  MD5:B158D8D605571EA47A238DF5AB43DFAA
                                                  SHA1:BB91AE1F2F7142B9099E3CC285F4F5B84DE568E4
                                                  SHA-256:CA763693CC25D316F14A9EBAD80EBF00590329550C45ADB7E5205486533C2504
                                                  SHA-512:56AEF59C198ACF2FCD0D95EA6E32CE1C706E5098A0800FEFF13DDB427BFB4D538DE1C415A5CB5496B09A5825155E3ABB1C13C8C37DC31549604BD4D63CB70591
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):417562
                                                  Entropy (8bit):6.501449948012274
                                                  Encrypted:false
                                                  SSDEEP:12288:x9x/jGiu4WkT19YwPhHk2D+F8p7cM53BoUvie:x9pjGiHWK9YwPhH9D+ij5xxvn
                                                  MD5:E4BBBDABD66C3CE6E64410D4E764A9D6
                                                  SHA1:A85BAC37AC0DF63A35F3227D4D887CE18A37A271
                                                  SHA-256:01006CDB2A9B7D06891D7858264F334136ACBD0CBE6BB93D618AA0C22DA3E565
                                                  SHA-512:47D5B1856A9727F34C9CF832C098CEB4D00F392516E1DF250A0105A95CB08A909567C281B170F44A517F232D4B4B3A8E4FA27773AF95C31A4B9541136E2F2941
                                                  Malicious:false
                                                  Preview:...@IXOS.@.....@|*.X.@.....@.....@.....@.....@.....@......&.{0915C26A-4838-446F-95D6-9061AE0B204B}..cloudchat..oz9Blof9tN.msi.@.....@.....@.....@........&.{1CF5B253-45C8-4A59-ABDD-E1EC47B34789}.....@.....@.....@.....@.......@.....@.....@.......@......cloudchat......Rollback..ck(W.V.n.d\O:.....RollbackCleanup..ck(W Rd..Y.N.e.N...e.N:. .[.1.]....@.......@........ProcessComponents..ck(W.f.e.~.N.l.Qh....@.....@.....@.]....&.{4D359527-4796-42E6-A80B-DF38DA71194C}8.C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\.@.......@.....@.....@......&.{620F558B-A16C-4E1F-8AF2-A1F97E56D1C9},.01:\Software\cloudchat.inc\cloudchat\Version.@.......@.....@.....@......&.{E68DA7B8-376F-4D15-9D90-724A4BDF73A0}Y.C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe.@.......@.....@.....@........CreateFolders..ck(W.R.^.e.N9Y...e.N9Y:. .[.1.].".8.C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\.@........InstallFiles..ck(W.Y6R.e.e.N...e.N:. .[.1.]....vU_:. .[.9.].
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):415744
                                                  Entropy (8bit):6.49844264773912
                                                  Encrypted:false
                                                  SSDEEP:12288:U9x/jGiu4WkT19YwPhHk2D+F8p7cM53BoUvi:U9pjGiHWK9YwPhH9D+ij5xxv
                                                  MD5:C846B15B4C1FFFD0FB6B438E71670953
                                                  SHA1:EFD399F2934465961B7DA2A4B2CC9BD2D39E1A95
                                                  SHA-256:28FCE21E5421C9C6DDF735C0CE4FA51767CA302802E3C0249631088AAB23AD90
                                                  SHA-512:0C2C5C15B625A9C670E0DE26CC899A1AD1D9F62ED4E28EF6ED5FD479B15435F83975A9C1EFDC98889F3A7F5EB323C5C7441631776287C8BE50AA8581A2D01667
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  • Antivirus: Virustotal, Detection: 0%
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.1632557568521529
                                                  Encrypted:false
                                                  SSDEEP:12:JSbX72FjIFiAGiLIlHVRpZh/7777777777777777777777777vDHFRKa3qit/l0G:JtQI5t3h7iF
                                                  MD5:8A5B89D03945015D55FCDCEDD6D79014
                                                  SHA1:B270F45DE83F829F338937C3417DBDAB0C8F1509
                                                  SHA-256:99AD2234203EA8E9E9F6F3D273ABF5E6A09783CF5BCBA50A5A1D12670D82A1E3
                                                  SHA-512:659D409A9D1C22ADD1BDB3EA378A56F20F9E78AD049FCEB5DE32C56C6C405FF53364C532EC218C20C63B9BDC538F5B724D996D4B59864F59EE2D507BD64D5963
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5404144408633549
                                                  Encrypted:false
                                                  SSDEEP:48:38PhquRc06WXJWnT5YZqSFAErCycDSZT2:2hq1tnTmZqzwCf
                                                  MD5:9987D3418139385F7C23A4EE2E4A8D58
                                                  SHA1:740CD7F0165102E1E331AA2984DD3ABC7ABB9A4F
                                                  SHA-256:5FF2047088C756F856E5B2339A1012D9CFB766869471AB9F85F9D22ADA6C8938
                                                  SHA-512:80FE47BFFE144FEACF371E21256B62D67C14A57471CC8D39C0EC97883385340C61545DF61F871892AD7F0579AE43E34360B7AABED4DC3CB22B82FE50F4148549
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):364484
                                                  Entropy (8bit):5.3654936845182615
                                                  Encrypted:false
                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau2:zTtbmkExhMJCIpEx
                                                  MD5:F926184AA8F757EA9F9A9A68E529FA5D
                                                  SHA1:1708D02754D64F41630BCF1C86E6686051A1AC6B
                                                  SHA-256:B6264B172D231A62BC7FDDE80C4546C6158310CF988E382E6CFF8D79B251D0F4
                                                  SHA-512:FEC4CCF1B41EE01D931ECAA011A4284CFDC620EFCC69E6F0E70975933E263369D98889E7ACC33318A2381F679DFFD3781F3720A5EE9453F0369E4CC27806C81D
                                                  Malicious:false
                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):0.0709750900743109
                                                  Encrypted:false
                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOR6NT5oIKR7gVky6lit/:2F0i8n0itFzDHFRKa39it/
                                                  MD5:33FC5C3669EB2F5C75366B4F89625103
                                                  SHA1:1244863F5034679D16CB556AA26F68A3A697BD79
                                                  SHA-256:833C552DBC9A67872628CC2A94998C3A3C3F47CDC65672E8FF54AE6D8F3771A8
                                                  SHA-512:5497932B579CEC42B1060A390F98FF9FD6EB2CC593E426458A0B00D62CBE7B2A9B78DBDB1F97B874C25196AA3FBEC56CD33775F2DBA548926145EC73E88093A5
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5404144408633549
                                                  Encrypted:false
                                                  SSDEEP:48:38PhquRc06WXJWnT5YZqSFAErCycDSZT2:2hq1tnTmZqzwCf
                                                  MD5:9987D3418139385F7C23A4EE2E4A8D58
                                                  SHA1:740CD7F0165102E1E331AA2984DD3ABC7ABB9A4F
                                                  SHA-256:5FF2047088C756F856E5B2339A1012D9CFB766869471AB9F85F9D22ADA6C8938
                                                  SHA-512:80FE47BFFE144FEACF371E21256B62D67C14A57471CC8D39C0EC97883385340C61545DF61F871892AD7F0579AE43E34360B7AABED4DC3CB22B82FE50F4148549
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5404144408633549
                                                  Encrypted:false
                                                  SSDEEP:48:38PhquRc06WXJWnT5YZqSFAErCycDSZT2:2hq1tnTmZqzwCf
                                                  MD5:9987D3418139385F7C23A4EE2E4A8D58
                                                  SHA1:740CD7F0165102E1E331AA2984DD3ABC7ABB9A4F
                                                  SHA-256:5FF2047088C756F856E5B2339A1012D9CFB766869471AB9F85F9D22ADA6C8938
                                                  SHA-512:80FE47BFFE144FEACF371E21256B62D67C14A57471CC8D39C0EC97883385340C61545DF61F871892AD7F0579AE43E34360B7AABED4DC3CB22B82FE50F4148549
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):1.236911821584706
                                                  Encrypted:false
                                                  SSDEEP:24:JEj2hU31iuxTihipjWs2xza2tzhALZdagUMClXtrC2U+uY0tgipV0tiAEV0yjCyV:O1iuhM+CFXJ1T5wZqSFAErCycDSZT2
                                                  MD5:B3D160DC9BCC7B4E7C49006B99872B2F
                                                  SHA1:9491704698C850E6B6B6849816542E69EB8D7B14
                                                  SHA-256:FC877CE34757C5E1374130EEF4F32D7BCA470FDBB8D018302CB11076E831AE51
                                                  SHA-512:FB678CE76FEB1EAFEF9B770F92389A9BE1625331B289E413C13BB3E74790E47B0D0F840B756B2BE4FADD6830289C840253EF0CFD108A5CD8357C05BA4204C9C5
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):1.236911821584706
                                                  Encrypted:false
                                                  SSDEEP:24:JEj2hU31iuxTihipjWs2xza2tzhALZdagUMClXtrC2U+uY0tgipV0tiAEV0yjCyV:O1iuhM+CFXJ1T5wZqSFAErCycDSZT2
                                                  MD5:B3D160DC9BCC7B4E7C49006B99872B2F
                                                  SHA1:9491704698C850E6B6B6849816542E69EB8D7B14
                                                  SHA-256:FC877CE34757C5E1374130EEF4F32D7BCA470FDBB8D018302CB11076E831AE51
                                                  SHA-512:FB678CE76FEB1EAFEF9B770F92389A9BE1625331B289E413C13BB3E74790E47B0D0F840B756B2BE4FADD6830289C840253EF0CFD108A5CD8357C05BA4204C9C5
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):1.236911821584706
                                                  Encrypted:false
                                                  SSDEEP:24:JEj2hU31iuxTihipjWs2xza2tzhALZdagUMClXtrC2U+uY0tgipV0tiAEV0yjCyV:O1iuhM+CFXJ1T5wZqSFAErCycDSZT2
                                                  MD5:B3D160DC9BCC7B4E7C49006B99872B2F
                                                  SHA1:9491704698C850E6B6B6849816542E69EB8D7B14
                                                  SHA-256:FC877CE34757C5E1374130EEF4F32D7BCA470FDBB8D018302CB11076E831AE51
                                                  SHA-512:FB678CE76FEB1EAFEF9B770F92389A9BE1625331B289E413C13BB3E74790E47B0D0F840B756B2BE4FADD6830289C840253EF0CFD108A5CD8357C05BA4204C9C5
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):73728
                                                  Entropy (8bit):0.1289461058305571
                                                  Encrypted:false
                                                  SSDEEP:24:wHGrTx0tgipV0tK0tgipV0tiAEV0yjCycVQwG5/+uo:w0TvSbSFAErCycKZ
                                                  MD5:AA850DF52FF7FAF8D52C1C945E705B51
                                                  SHA1:38994D7DFCFA1A95DCADF29F3DDD80086E68F564
                                                  SHA-256:2C9DCA803B91ACDCE12818CFD3DD1AAAA057F7BE725D1013EC3F594D25A77945
                                                  SHA-512:BE956B9E17A117695FFF8EF02ACF4DF90476C39779F9C3CF5E573070F8CBE4312E56D69910A2E4C8C818F2B1F087A40D0B2DACFDD5244425DAB88304132D10F3
                                                  Malicious:false
                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 936, Revision Number: {1CF5B253-45C8-4A59-ABDD-E1EC47B34789}, Number of Words: 10, Subject: cloudchat, Author: cloudchat.inc, Name of Creating Application: cloudchat, Template: ;2052, Comments: Installer cloudchat , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Jul 8 03:46:57 2024, Last Saved Time/Date: Mon Jul 8 03:46:57 2024, Last Printed: Mon Jul 8 03:46:57 2024, Number of Pages: 450
                                                  Entropy (8bit):7.255363583796247
                                                  TrID:
                                                  • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                  • Microsoft Windows Installer (60509/1) 46.00%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                  File name:oz9Blof9tN.msi
                                                  File size:2'541'568 bytes
                                                  MD5:54e6bcb33159c34e4e35fc27073786fb
                                                  SHA1:74b6384f931cfd1c37e86bf62699d657b38faad2
                                                  SHA256:65bd52c6c75354696a891efbf47be141837d095953366f5dec823a0257126840
                                                  SHA512:0bdb594be4fb8fc35ab1e3926a16605b49906fa2952bb5512286989b17780964c8380c4cdeb3a030473c4177a1f550cb2333bacd94a316f2052cea2f9bd61559
                                                  SSDEEP:49152:8lweWK9YwPhH9D+g5jvPm36W547vzV6fxhbFjDm5sL8KmypeKKR:rmD+2mqJgXbpS5jKml
                                                  TLSH:95C5CF21B2C7C126D56D0177EAA8FE1E193DEE77073046D7B7E4796A58B08C1A239B03
                                                  Icon Hash:2d2e3797b32b2b99
                                                  Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                                                  2024-07-27T11:19:56.672500+0200 | TCP | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 49704 | 18896 | 192.168.2.5 | 156.255.2.100
                                                  2024-07-27T11:20:14.760009+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49713 | 20.114.59.183 | 192.168.2.5
                                                  2024-07-27T11:20:52.809081+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49739 | 20.114.59.183 | 192.168.2.5
                                                  2024-07-27T11:19:58.073924+0200 | TCP | 2841527 | ETPRO MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC) | 18896 | 49704 | 156.255.2.100 | 192.168.2.5
                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Jul 27, 2024 11:20:04.638314009 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:04.638377905 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:05.526762009 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:05.526885033 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:05.815969944 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:05.816051006 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:05.816587925 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:05.817811966 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:05.821352005 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:05.822653055 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.359828949 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.360040903 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.360321045 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.360398054 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.360555887 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.360555887 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.360821962 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.361073017 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.361346006 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.361396074 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.361445904 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.361483097 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.361483097 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.361511946 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.361803055 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.361830950 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.366846085 CEST1889649709156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.367011070 CEST4970918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.424734116 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.431215048 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.431361914 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.431549072 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:06.437114954 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:06.438941956 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.073820114 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.074007034 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.074429035 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.074510098 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.074552059 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.074606895 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.074775934 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.075628996 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.075670958 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.075690985 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.082720041 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.082779884 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:08.083040953 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:08.083295107 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.330259085 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.330307961 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.330430984 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.330431938 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.331543922 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.331593037 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.331603050 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.331638098 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.331640005 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.331687927 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.332777023 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.332828045 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.332828999 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.332869053 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.332878113 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.332910061 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.332926989 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.332952023 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.332952976 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.332997084 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.333203077 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.333228111 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.393585920 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.619117022 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.619204998 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.620387077 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.620434046 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.620435953 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.620476961 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.620502949 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.620551109 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.620611906 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.620661974 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.620701075 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.620774031 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.621028900 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.621756077 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.621798992 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.621804953 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.621848106 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.622936010 CEST1889649710156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.622978926 CEST4971018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:09.627662897 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:09.627758980 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:10.524683952 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:10.524966955 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:10.784655094 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:10.784723043 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:10.785104036 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:10.786072969 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:10.789966106 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:10.790992975 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.314711094 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.314795017 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.315701962 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.315887928 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.316015959 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.316057920 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.316080093 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.316119909 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.317759991 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.317806959 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.317826986 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.317862034 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.317949057 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.318005085 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.318038940 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.318038940 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.323246956 CEST1889649711156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.323312998 CEST4971118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.393215895 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.399621964 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.399746895 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.399974108 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:11.406002045 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:11.407504082 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:12.311611891 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:12.311841965 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:12.592124939 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:12.592221975 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:12.592621088 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:12.593677998 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:12.597507000 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:12.598584890 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.158133030 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.158221006 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.158256054 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.158298016 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.158334970 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160382032 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.160433054 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.160506964 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.160552025 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160552025 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160562038 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160598040 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.160656929 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160774946 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.160797119 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.166049004 CEST1889649712156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.166140079 CEST4971218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.252965927 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.258069038 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.258171082 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.258529902 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:13.263521910 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:13.263592005 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.161986113 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.162100077 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.422641993 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.422938108 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.423535109 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.428937912 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.542124987 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.547101974 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.957720041 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.957830906 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.958139896 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.958204031 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.958606005 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.958657980 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.958715916 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.959836006 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.959896088 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.960601091 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.960648060 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.960658073 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.960701942 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.961136103 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.961195946 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:14.966388941 CEST1889649714156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:14.966461897 CEST4971418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:15.050163984 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:15.055100918 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:15.055180073 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:15.055919886 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:15.060797930 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:15.060889006 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.150345087 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.150610924 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.402360916 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.402445078 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.403891087 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.408750057 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.429083109 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.434026957 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.930140972 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.930321932 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.930610895 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.930674076 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.930960894 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.931014061 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.931016922 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.931066990 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.932245970 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.932301044 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.932686090 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.932729959 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.932739973 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.932779074 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.933083057 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.933120966 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.933382034 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.933444023 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:16.937961102 CEST1889649718156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:16.938030958 CEST4971818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:17.033885002 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:17.039448023 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:17.039647102 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:17.039936066 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:17.044948101 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:17.045017958 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:17.911317110 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:17.911483049 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:18.166546106 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:18.166635990 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:18.166853905 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:18.167926073 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:18.172342062 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:18.172842979 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:18.692737103 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:18.692827940 CEST1889649720156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:18.692848921 CEST4972018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.186670065 CEST1889649729156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.186685085 CEST1889649729156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.186696053 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.186768055 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.187032938 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.187067986 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.187417984 CEST1889649729156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.187491894 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.191987038 CEST1889649729156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.192049026 CEST4972918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.236831903 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.241909981 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.242029905 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.242172003 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:35.249664068 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:35.249892950 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:36.166048050 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:36.166256905 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:36.441869974 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:36.442020893 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:36.481596947 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:36.485505104 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:36.488171101 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:36.492666006 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065757036 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065779924 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065792084 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065800905 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065813065 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.065840006 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.065912962 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.065912962 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.066060066 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.066071987 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.066108942 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.066143036 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.066425085 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.066453934 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.074341059 CEST1889649730156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.074502945 CEST4973018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.159723043 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.167987108 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.168159962 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.170002937 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:37.177453995 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:37.178723097 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.050919056 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.051114082 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.310223103 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.310421944 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.310815096 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.311815977 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.315603971 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.316734076 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.848069906 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.848427057 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.848726988 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.848737955 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.849422932 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.850090027 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.850102901 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.850111008 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.850115061 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.853492022 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.853492022 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.860850096 CEST4973118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.866027117 CEST1889649731156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.964587927 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.970386028 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.970457077 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.974538088 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:38.979528904 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:38.979540110 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.027811050 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.028076887 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.309861898 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.309957027 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.310302973 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.311459064 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.315943003 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.316265106 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.877995014 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.878212929 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.878415108 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.878441095 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.878451109 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.878592968 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.879507065 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.879519939 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.879667044 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.880660057 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.880669117 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.880727053 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.880916119 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.880948067 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.885838032 CEST1889649732156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.885955095 CEST4973218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.924478054 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.929776907 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.929883003 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.930103064 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:40.936239004 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:40.936252117 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:41.823045969 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:41.823178053 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.058464050 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.058526993 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.058830976 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.059693098 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.063679934 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.065813065 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.582310915 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.582385063 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.582815886 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.582870960 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.583229065 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.583240032 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.583283901 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.584515095 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.584525108 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.584534883 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.584579945 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.584579945 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.584860086 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.584892988 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.585585117 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.585647106 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.589704037 CEST1889649733156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.589761019 CEST4973318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.690156937 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.695400000 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.695502043 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.695717096 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:42.700614929 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:42.700634003 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:43.642859936 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:43.643270016 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:43.929872036 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:43.933257103 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:43.933638096 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:43.935224056 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.178421974 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.178504944 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.179692030 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.179702044 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.515404940 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.515479088 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.515964985 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.516011000 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.516347885 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.516360998 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.516410112 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.517704010 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.517714977 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.517723083 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.517762899 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.517779112 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.518202066 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.518223047 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.518740892 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.518802881 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.523022890 CEST1889649734156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.523068905 CEST4973418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.580703974 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.585640907 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.585851908 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.586108923 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:44.591825008 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:44.592374086 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:45.495471001 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:45.495738983 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:45.797986031 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:45.801409006 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:45.823967934 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:45.829018116 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:45.830209017 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:45.835274935 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.388808966 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.389030933 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.389221907 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.389461040 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.389477015 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.389651060 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.390764952 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.390827894 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.391132116 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.391143084 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.391149998 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.391211987 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.391419888 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.391448975 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.397902966 CEST1889649735156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.401287079 CEST4973518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.473330975 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.480606079 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.481200933 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.481667995 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:46.486643076 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:46.486680031 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:47.401983023 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:47.402188063 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:47.673466921 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:47.673831940 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:47.674997091 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:47.675898075 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:47.679956913 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:47.680835962 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.246426105 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.246515036 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.246686935 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.246706009 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.246746063 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.246746063 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.247941017 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.247984886 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.248572111 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.248589993 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.248615026 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.248631954 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.260229111 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.260242939 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.265022993 CEST1889649736156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.265078068 CEST4973618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.336349964 CEST4973718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.341588020 CEST1889649737156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.341686964 CEST4973718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.344809055 CEST4973718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:20:48.350084066 CEST1889649737156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:48.350703001 CEST1889649737156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:49.292557955 CEST1889649737156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:20:49.292673111 CEST4973718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.472556114 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.472556114 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.473570108 CEST1889649747156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.473618031 CEST1889649747156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.473762989 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.473762989 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.474808931 CEST1889649747156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.474853039 CEST1889649747156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.474885941 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.474921942 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.475147963 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.475177050 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.480269909 CEST1889649747156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.480468988 CEST4974718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.503714085 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.510086060 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.510289907 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.510587931 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:06.515805960 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:06.515841961 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:07.447436094 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:07.447643042 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:07.722050905 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:07.722249031 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:07.722569942 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:07.724262953 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:07.727432013 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:07.729198933 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.339911938 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.340001106 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.341378927 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.341542959 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.342473030 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.342509985 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.342530012 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.342560053 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.343261957 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.343297005 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.343314886 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.343348980 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.343523979 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.343543053 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.344388962 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.344455004 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.349750996 CEST1889649748156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.349822044 CEST4974818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.378547907 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.384936094 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.385202885 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.385346889 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:08.391463995 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:08.391544104 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:09.310940981 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:09.311271906 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:09.564258099 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:09.564589024 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:09.564991951 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:09.566848040 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:09.569992065 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:09.571805954 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.097270012 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.097345114 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.097675085 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.097723007 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.098069906 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.098086119 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.098117113 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.098131895 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.099550009 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.099566936 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.099581957 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.099596024 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.099615097 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.099627018 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.099847078 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.099880934 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.100752115 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.100812912 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.104605913 CEST1889649749156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.104712009 CEST4974918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.159526110 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.164433956 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.164530039 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.164793015 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:10.169631004 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:10.169750929 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.044404030 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.044644117 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.310070992 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.310286999 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.310815096 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.311955929 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.315764904 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.317004919 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.836330891 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.836770058 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.836932898 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.837166071 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.837548971 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.837599993 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.837750912 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.837750912 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.838522911 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.838561058 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.838603973 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.838638067 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.838891983 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.838926077 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.839550018 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.839620113 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.844158888 CEST1889649750156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.844223976 CEST4975018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.925793886 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.931390047 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.931636095 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.932041883 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:11.937262058 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:11.937299013 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:12.865348101 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:12.865674973 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.145781994 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.146063089 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.146497011 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.147876024 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.151752949 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.152997017 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.716873884 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.717037916 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.717214108 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.717286110 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.717437983 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.717469931 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.717500925 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.717540026 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.718847990 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.718914032 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.719304085 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.719336033 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.719367981 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.719372034 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.719403982 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.719424963 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.719669104 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.719698906 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.724869013 CEST1889649751156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.724963903 CEST4975118896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.800595999 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.805691004 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.805982113 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.806348085 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:13.811395884 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:13.811429024 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:14.941011906 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:14.941118002 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.018577099 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.018673897 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.019459009 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.020946026 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.024561882 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.026140928 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.586447954 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.586793900 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.586996078 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.587037086 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.587089062 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.587110996 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.587454081 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.587544918 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.587765932 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.587784052 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.587837934 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.589190960 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.589207888 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.589260101 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.589298010 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.589505911 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.589534998 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.594335079 CEST1889649752156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.594427109 CEST4975218896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.628988028 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.636193991 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.636523008 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.636987925 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:15.647917032 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:15.647932053 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:16.579628944 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:16.579998016 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:16.864208937 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:16.864568949 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:16.864985943 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:16.866247892 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:16.870177031 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:16.871618032 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.435643911 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.435971022 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.436111927 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.436161041 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.436197042 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.436306000 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.436306000 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.436306000 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.437289000 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.437330961 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.437470913 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.437470913 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.438575983 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.438592911 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.438606977 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.438644886 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.438683033 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.440738916 CEST4975318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.445946932 CEST1889649753156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.550749063 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.556528091 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.556906939 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.557404041 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:17.563884020 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:17.565046072 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:18.442790031 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:18.443065882 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:18.700031996 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:18.700459003 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:18.701019049 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:18.702465057 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:18.706224918 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:18.707762957 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:19.227781057 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:19.228152037 CEST4975418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:19.229371071 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:19.229577065 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:19.229615927 CEST1889649754156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:34.686570883 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:34.692421913 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.213296890 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.213390112 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.213579893 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.213579893 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.214016914 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.214061022 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.214204073 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.214204073 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215450048 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.215495110 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.215528965 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.215562105 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.215631008 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215631008 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215631008 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215915918 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215915918 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.215972900 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.221329927 CEST1889649763156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.221538067 CEST4976318896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.300436974 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.306377888 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.306479931 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.307003975 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:35.315095901 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:35.315118074 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:36.206490040 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:36.206873894 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:36.476211071 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:36.476272106 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:36.476716042 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:36.477740049 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:36.481528997 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:36.483374119 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.018764973 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.019148111 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.019293070 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.019386053 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.019577026 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.019875050 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.020090103 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.020107985 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.020389080 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.021272898 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.021286964 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.021301031 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.021351099 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.021385908 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.072591066 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.072618008 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.093828917 CEST1889649764156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.093988895 CEST4976418896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.128454924 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.379246950 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.379336119 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.395112991 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:37.406501055 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:37.407043934 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:38.501029015 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:38.501127958 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:38.763720036 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:38.763833046 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:38.764111996 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:38.765202045 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:38.769004107 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:38.770235062 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.294795990 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.295022964 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.295279980 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.295474052 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.295695066 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.295717955 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.295862913 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.296539068 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.296552896 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.296600103 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.298176050 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.298194885 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.298211098 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.298223972 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.298259974 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.298491955 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.298518896 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.305066109 CEST1889649765156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.305146933 CEST4976518896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.393847942 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.398875952 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.399055004 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.399306059 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:39.404150009 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:39.404741049 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:40.687946081 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:40.688360929 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:40.688631058 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:40.688648939 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:40.688811064 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:40.688811064 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:40.688913107 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:40.690206051 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:40.693854094 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:40.695178986 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.219938993 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.220257998 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.223880053 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224064112 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.224276066 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224298000 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224350929 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.224385977 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.224807978 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224823952 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224841118 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.224872112 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.224908113 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.225843906 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.225857973 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.225873947 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.225908995 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.225945950 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.226258993 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.226320028 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.232026100 CEST1889649766156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.232356071 CEST4976618896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.269622087 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.275365114 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.275718927 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.276192904 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:41.281678915 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:41.281698942 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.158302069 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.158579111 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.374325037 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.374428988 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.374803066 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.375885963 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.379718065 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.380991936 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.898749113 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.899118900 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.899203062 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.899471998 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.899558067 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.899575949 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.899631023 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.900974989 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.901015043 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.901043892 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.901412010 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.901426077 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.901442051 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.901573896 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.901829004 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.901869059 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.906722069 CEST1889649767156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.906800985 CEST4976718896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.972472906 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.977727890 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.978013992 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.978250980 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:42.986354113 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:42.986393929 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.278614044 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.278681040 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.280489922 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.280539989 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.283149958 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.283200979 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.289988041 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.295099020 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.296545982 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.300189972 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.873868942 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.873955965 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.874510050 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.874574900 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.874669075 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.874681950 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.874732018 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.876389980 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.876401901 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.876405954 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.876416922 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.876475096 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.877095938 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.877095938 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.882908106 CEST1889649768156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.882983923 CEST4976818896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.959084988 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.964854002 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.964940071 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.965322018 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:44.970784903 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:44.970925093 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:45.868056059 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:45.868154049 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.132127047 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.132200003 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.132857084 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.134773970 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.137867928 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.139656067 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.679363966 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.679430962 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.679502010 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.679585934 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.680042982 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.680058002 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.680104017 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.681490898 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.681557894 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.682185888 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.682194948 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.682246923 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.685261011 CEST4976918896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.690718889 CEST1889649769156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.753135920 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.758054018 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.758135080 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.758413076 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:46.763298988 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:46.763320923 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:48.664537907 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:48.664815903 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:48.666606903 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:48.666903019 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:48.667771101 CEST1889649770156.255.2.100192.168.2.5
                                                  Jul 27, 2024 11:21:48.667848110 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:48.668190002 CEST4977018896192.168.2.5156.255.2.100
                                                  Jul 27, 2024 11:21:48.668668985 CEST1889649770156.255.2.100192.168.2.5
                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                  Jul 27, 2024 11:20:13.969898939 CEST | 1.1.1.1 | 192.168.2.5 | 0x4980 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                  Jul 27, 2024 11:20:13.969898939 CEST | 1.1.1.1 | 192.168.2.5 | 0x4980 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false


                                                  Target ID:0
                                                  Start time:05:19:53
                                                  Start date:27/07/2024
                                                  Path:C:\Windows\System32\msiexec.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\oz9Blof9tN.msi"
                                                  Imagebase:0x7ff75f380000
                                                  File size:69'632 bytes
                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:1
                                                  Start time:05:19:53
                                                  Start date:27/07/2024
                                                  Path:C:\Windows\System32\msiexec.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                  Imagebase:0x7ff75f380000
                                                  File size:69'632 bytes
                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:3
                                                  Start time:05:19:54
                                                  Start date:27/07/2024
                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 2FB75800E24C988F6C303CBA6166C7C4
                                                  Imagebase:0xbf0000
                                                  File size:59'904 bytes
                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:05:19:54
                                                  Start date:27/07/2024
                                                  Path:C:\Windows\Installer\MSI460B.tmp
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\Installer\MSI460B.tmp" /DontWait /HideWindow "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
                                                  Imagebase:0x500000
                                                  File size:415'744 bytes
                                                  MD5 hash:C846B15B4C1FFFD0FB6B438E71670953
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 0%, ReversingLabs
                                                  • Detection: 0%, Virustotal, Browse
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:5
                                                  Start time:05:19:54
                                                  Start date:27/07/2024
                                                  Path:C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
                                                  Imagebase:0xfd0000
                                                  File size:1'625'600 bytes
                                                  MD5 hash:92FFD5A24BF3942FFA7AC182E4E0C171
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:Go lang
                                                  Yara matches:
                                                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000005.00000002.3238249247.000000C000100000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000002.3239202728.0000025F7CBD1000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000005.00000003.2002510111.0000025F7CB50000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
                                                  Antivirus matches:
                                                  • Detection: 47%, ReversingLabs
                                                  • Detection: 60%, Virustotal, Browse
                                                  Reputation:low
                                                  Has exited:false

                                                  Target ID:6
                                                  Start time:05:19:54
                                                  Start date:27/07/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6d64d0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                    Execution Graph

                                                    Execution Coverage:1.3%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:26.7%
                                                    Total number of Nodes:333
                                                    Total number of Limit Nodes:5

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                      • Part of subcall function 00506080: GetCurrentProcess.KERNEL32(00000008,?,9052A7D0), ref: 00506090
                                                      • Part of subcall function 00506080: OpenProcessToken.ADVAPI32(00000000), ref: 00506097
                                                    • CoInitialize.OLE32(00000000), ref: 00507092
                                                    • CoCreateInstance.OLE32(0054ED30,00000000,00000004,00559370,00000000,?), ref: 005070C2
                                                    • CoUninitialize.OLE32 ref: 005076C9
                                                    • _com_issue_error.COMSUPP ref: 005076F7
                                                      • Part of subcall function 005018F0: LocalFree.KERNEL32(?,9052A7D0,?,00000000,00549FF0,000000FF,?,?,0055F358,?,?,005016B6,80004005), ref: 0050193C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Process$CreateCurrentFreeInitializeInstanceLocalOpenTokenUninitialize_com_issue_error
                                                    • String ID: $$PwU
                                                    • API String ID: 2507920217-3404735050
                                                    • Opcode ID: 753a4f3c1a0de0378bb1ee60a77c8febf0c1a786048f1bab1f9479df4d607362
                                                    • Instruction ID: 568af6fa26c2124664457f4ffbc153b1cc9089f67384352c9c7e3d9b7f23a89a
                                                    • Opcode Fuzzy Hash: 753a4f3c1a0de0378bb1ee60a77c8febf0c1a786048f1bab1f9479df4d607362
                                                    • Instruction Fuzzy Hash: CA32CE74E08258DFEB11CBA8C809B9DBFB8BF19308F148189E405AB2D1DB756E49DB51

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 125 506080-50609f GetCurrentProcess OpenProcessToken 126 5060a1-5060a6 125->126 127 5060a7-5060d4 GetTokenInformation 125->127 128 5060d6-5060db 127->128 129 5060de-5060ee CloseHandle 127->129 128->129
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00000008,?,9052A7D0), ref: 00506090
                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00506097
                                                    • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 005060CC
                                                    • CloseHandle.KERNEL32(?), ref: 005060E2
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                    • String ID:
                                                    • API String ID: 215268677-0
                                                    • Opcode ID: ff414101d02ed0be67c3e1dfd9870ba76abb47f83019c06c8981f1d7fa75197a
                                                    • Instruction ID: f24e1a659fb60b0d33c86b5e1dd45dd389cc940d1cca3262a109245f07a801ad
                                                    • Opcode Fuzzy Hash: ff414101d02ed0be67c3e1dfd9870ba76abb47f83019c06c8981f1d7fa75197a
                                                    • Instruction Fuzzy Hash: 8FF01278144301ABEB109F10EC49B9ABBE8BB55704F548819F994C21A0D7B9951CEA63

                                                    Control-flow Graph

                                                    APIs
                                                    • GetCommandLineW.KERNEL32(9052A7D0,?,0000FFFF), ref: 0051207D
                                                      • Part of subcall function 00504F90: LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,00000000,00000000,?,?), ref: 00504FAD
                                                    • ExitProcess.KERNEL32 ref: 00512257
                                                      • Part of subcall function 00508A20: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00508A9D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                    • String ID: Full command line:
                                                    • API String ID: 1878577176-831861440
                                                    • Opcode ID: ad1ce25933554558745532a7c18c5b6754a11ec7ebd9a73589557b15f4b35679
                                                    • Instruction ID: 2dc876602c93a2177c6e0292497e397f866d6e9594c6ae8439a2025105f7df48
                                                    • Opcode Fuzzy Hash: ad1ce25933554558745532a7c18c5b6754a11ec7ebd9a73589557b15f4b35679
                                                    • Instruction Fuzzy Hash: 7C517D319001599BDB25EB20CC9DBEEBBB5BF91340F0441D8E10967292EF745F89CB92

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 188 508260-5082dc GetTokenInformation 189 508340-508353 188->189 190 5082de-5082e7 GetLastError 188->190 190->189 191 5082e9-5082f7 190->191 192 5082f9-5082fc 191->192 193 5082fe 191->193 194 50832b 192->194 195 508300-508307 193->195 196 50832e-50833a GetTokenInformation 193->196 194->196 197 508317-508328 call 52ac60 195->197 198 508309-508315 call 5084f0 195->198 196->189 197->194 198->196
                                                    APIs
                                                    • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00508238,9052A7D0), ref: 005082D4
                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00508238,9052A7D0), ref: 005082DE
                                                    • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00508238,9052A7D0), ref: 0050833A
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InformationToken$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2567405617-0
                                                    • Opcode ID: 08c5f951ef8fc79072b31ea36feabaab151f469273f0caeaf4045c8225732fbb
                                                    • Instruction ID: cfdf62e09c175e934234171c67227ce64cf273d7f04e02970058d2984f281e88
                                                    • Opcode Fuzzy Hash: 08c5f951ef8fc79072b31ea36feabaab151f469273f0caeaf4045c8225732fbb
                                                    • Instruction Fuzzy Hash: FC313071A006059FDB24CF59CC45FBFFBB9FB84B14F10492DE455A7281DBB5A9048B90

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 246 53dfb5-53dfc0 247 53dfc2-53dfcc 246->247 248 53dfce-53dfd4 246->248 247->248 249 53e002-53e00d call 52e2e0 247->249 250 53dfd6-53dfd7 248->250 251 53dfed-53dffe RtlAllocateHeap 248->251 255 53e00f-53e011 249->255 250->251 252 53e000 251->252 253 53dfd9-53dfe0 call 53c110 251->253 252->255 253->249 259 53dfe2-53dfeb call 541a42 253->259 259->249 259->251
                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00000008,?,?,?,0053C847,00000001,00000364,?,00000006,000000FF,?,0052DEB2,?,?,?), ref: 0053DFF6
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    • Opcode ID: c0f2462ffc2abd03c28056095cfbbfa5f942f4db49650467d229cef90f9a0618
                                                    • Instruction ID: 3940df056807b29ea13cf634cb0bef39b4097587642107eb1acdcfeb5910e97a
                                                    • Opcode Fuzzy Hash: c0f2462ffc2abd03c28056095cfbbfa5f942f4db49650467d229cef90f9a0618
                                                    • Instruction Fuzzy Hash: 17F0E23160462567EB265B66AC4FE5B3FA8BF817A0F188421FC06E71C1EA70DC0192F0

                                                    Control-flow Graph

                                                    APIs
                                                    • GetWindowsDirectoryW.KERNEL32(00000010,00000104,?,?,?), ref: 00507A18
                                                    • GetForegroundWindow.USER32(?,?,?), ref: 00507A9D
                                                    • ShellExecuteExW.SHELL32(?), ref: 00507ABA
                                                    • ShellExecuteExW.SHELL32(?), ref: 00507AF8
                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00507B41
                                                    • GetProcAddress.KERNEL32(00000000), ref: 00507B48
                                                    • AllowSetForegroundWindow.USER32(00000000), ref: 00507B5E
                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?), ref: 00507B82
                                                    • GetProcAddress.KERNEL32(00000000), ref: 00507B89
                                                    • Sleep.KERNEL32(00000064,?,?,?,?), ref: 00507BAE
                                                    • EnumWindows.USER32(00507CE0,?), ref: 00507BCA
                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00004003,?,?,?,?), ref: 00507BE8
                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?), ref: 00507C05
                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00507C12
                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 00507CEC
                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00507D04
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowCodeDirectoryEnumExitLongObjectSingleSleepThreadWait
                                                    • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$GetProcessId$Kernel32.dll$open$runas
                                                    • API String ID: 3646750338-986041216
                                                    • Opcode ID: 92bf9ea5f86e554e236b455449111a5553f2d92fc9a9439e8cb5fe8fbdd3987b
                                                    • Instruction ID: a2407b6afe74edccebed8459ff0ca825b7765f4d156bf4a593adb262d2fb49df
                                                    • Opcode Fuzzy Hash: 92bf9ea5f86e554e236b455449111a5553f2d92fc9a9439e8cb5fe8fbdd3987b
                                                    • Instruction Fuzzy Hash: 90F1EE75E0420ADFDB10DFA8C889AEEBBB5FF19314F144569E515E7291DB30AE04CB60
                                                    APIs
                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00506352
                                                    • CloseHandle.KERNEL32(00000000), ref: 00506393
                                                    • Process32FirstW.KERNEL32(?,0000022C), ref: 005063D5
                                                    • OpenProcess.KERNEL32(00000410,00000000,?), ref: 005063F0
                                                    • CloseHandle.KERNEL32(?), ref: 00506547
                                                    • Process32NextW.KERNEL32(?,0000022C), ref: 00506564
                                                    • CloseHandle.KERNEL32(?), ref: 00506595
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                    • String ID: PwU$PwU
                                                    • API String ID: 708755948-1627264920
                                                    • Opcode ID: 27c853a4759a685e9df8cd334810ffd14552818372d6727634e78a5458cdae01
                                                    • Instruction ID: 794141e0febbde892f3845709ff637f68040c33bc8d1b48c59c8209f6c9f4f26
                                                    • Opcode Fuzzy Hash: 27c853a4759a685e9df8cd334810ffd14552818372d6727634e78a5458cdae01
                                                    • Instruction Fuzzy Hash: D2A16A709052599FDB20DF68DD8CBDEBBB8FB45304F1042DAE419A7290DBB49A88CF50
                                                    APIs
                                                    • _swprintf.LIBCMT ref: 0050D6AF
                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 0050D71F
                                                    • _swprintf.LIBCMT ref: 0050D8FF
                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?,?,?,?,?,?), ref: 0050D96F
                                                    • _swprintf.LIBCMT ref: 0050DA48
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _swprintf$FreeLocal
                                                    • String ID: %$+
                                                    • API String ID: 2429749586-2626897407
                                                    • Opcode ID: 74cf58153a04606a9d64b95bbb2abef7a7c67bf7177bbf3f4ba9eac5a45182c9
                                                    • Instruction ID: e505cb3fca2981a72049458b29593af0bbc9a4e7261e14f927e83ac33c304ef3
                                                    • Opcode Fuzzy Hash: 74cf58153a04606a9d64b95bbb2abef7a7c67bf7177bbf3f4ba9eac5a45182c9
                                                    • Instruction Fuzzy Hash: 6502DE71D002199FDF19DFA8DC45BAEBBB5FF89300F048629F800AB281DB359945CBA1
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: __floor_pentium4
                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                    • API String ID: 4168288129-2761157908
                                                    • Opcode ID: f1554d62a04b1b53d3d8b09196eaa85794893ecb75f3890763c13b6f9cc7deed
                                                    • Instruction ID: b51f9c03ea147a1afdd1b4f5ee852c83006ac39614efbc57e524cb27d33e6c13
                                                    • Opcode Fuzzy Hash: f1554d62a04b1b53d3d8b09196eaa85794893ecb75f3890763c13b6f9cc7deed
                                                    • Instruction Fuzzy Hash: EFD23972E086298FDB25CE28CC447EABBB5FB84309F1445EAD44DE7241E774AE858F41
                                                    APIs
                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,00544357,00000002,00000000,?,?,?,00544357,?,00000000), ref: 005440D2
                                                    • GetLocaleInfoW.KERNEL32(?,20001004,00544357,00000002,00000000,?,?,?,00544357,?,00000000), ref: 005440FB
                                                    • GetACP.KERNEL32(?,?,00544357,?,00000000), ref: 00544110
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID: ACP$OCP
                                                    • API String ID: 2299586839-711371036
                                                    • Opcode ID: b8c02e10ed95f6a829ee5d69b20750f6dfe9b3492dc832444488661cceb18fb7
                                                    • Instruction ID: 44badc31a5d1f8db3fded228d3e01c8cb44dfdc11ccacf9d2fd8838da16df3bf
                                                    • Opcode Fuzzy Hash: b8c02e10ed95f6a829ee5d69b20750f6dfe9b3492dc832444488661cceb18fb7
                                                    • Instruction Fuzzy Hash: 3E217136680100A7DB34CF54C909BD77AA6FB64B5CB56C424EA0EDB110E733DD91CB50
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0054431A
                                                    • IsValidCodePage.KERNEL32(00000000), ref: 00544363
                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 00544372
                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 005443BA
                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 005443D9
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                    • String ID:
                                                    • API String ID: 415426439-0
                                                    • Opcode ID: f7e07b5270e15906da42265f9f0072f408a599492cf27834daf182c384f9e907
                                                    • Instruction ID: 432a7415bfc8f939b51b40a2ee79c6bd49f6e58a787ec8191368ac8b179c5a54
                                                    • Opcode Fuzzy Hash: f7e07b5270e15906da42265f9f0072f408a599492cf27834daf182c384f9e907
                                                    • Instruction Fuzzy Hash: 17518F75A40216ABEB10DFA5DC46BEE7BB8FF58705F540829B910E7190EBB09A44CF60
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: K]T$K]T
                                                    • API String ID: 0-2523881571
                                                    • Opcode ID: 0074a70378773aafd8187e78ede71c9e02f86e0a97c0b61baedc2bbdfe1bf4c3
                                                    • Instruction ID: 0415b11066a3c70e59299b1d4c401da421a63a0aa40f01eced7a3a904264535b
                                                    • Opcode Fuzzy Hash: 0074a70378773aafd8187e78ede71c9e02f86e0a97c0b61baedc2bbdfe1bf4c3
                                                    • Instruction Fuzzy Hash: 5EF12F71E006199FDF14CF69D8806ADFBB1FF88324F259269E915AB391E730AD05CB90
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • GetACP.KERNEL32(?,?,?,?,?,?,0053B1A4,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00543950
                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0053B1A4,?,?,?,00000055,?,-00000050,?,?), ref: 0054397B
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00543AE4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$CodeInfoLocalePageValid
                                                    • String ID: utf8
                                                    • API String ID: 607553120-905460609
                                                    • Opcode ID: 7627afc8dd8e11af2efe6a2176133580dfecf6058d7fc6b2624c155734215ca8
                                                    • Instruction ID: cc595ce15b9009873b1b1ddb3fe52adccfe262d7ce4460e222378172be58148d
                                                    • Opcode Fuzzy Hash: 7627afc8dd8e11af2efe6a2176133580dfecf6058d7fc6b2624c155734215ca8
                                                    • Instruction Fuzzy Hash: 1771E471A44202AAEB24AF35CC8ABEA7FA8FF94748F144429F545D71A1FBB0DA44C750
                                                    APIs
                                                      • Part of subcall function 00511140: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,9052A7D0,?,0054A0E0,000000FF), ref: 00511167
                                                      • Part of subcall function 00511140: GetLastError.KERNEL32(?,00000000,00000000,9052A7D0,?,0054A0E0,000000FF), ref: 00511171
                                                    • IsDebuggerPresent.KERNEL32(?,?,0055DB48), ref: 005124E8
                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,0055DB48), ref: 005124F7
                                                    Strings
                                                    • DT, xrefs: 005124D8
                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 005124F2
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                    • String ID: DT$ERROR : Unable to initialize critical section in CAtlBaseModule
                                                    • API String ID: 3511171328-1646148439
                                                    • Opcode ID: 7edf006423d2ffb631b0f951c0f84995870e5d294e80604cbf1ab22de92724cd
                                                    • Instruction ID: 176ac2f3a8638a1e72ee2d1e1b8e97881a9e6c5c116f2ef18102fc2b69141dc3
                                                    • Opcode Fuzzy Hash: 7edf006423d2ffb631b0f951c0f84995870e5d294e80604cbf1ab22de92724cd
                                                    • Instruction Fuzzy Hash: 40E09B746007028FE3209F29D8197C6BEE4FF10708F00886CD455C7640DBF4D488DB52
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _strrchr
                                                    • String ID:
                                                    • API String ID: 3213747228-0
                                                    • Opcode ID: 9d3b857c03dc2dea600ebcc52408cceb5c43a748acc98c2b1de5e99707f341c3
                                                    • Instruction ID: 627d22dfeb6d78c18b8d69425f27789985bb1fd6ad3dbf79701058b4b828d647
                                                    • Opcode Fuzzy Hash: 9d3b857c03dc2dea600ebcc52408cceb5c43a748acc98c2b1de5e99707f341c3
                                                    • Instruction Fuzzy Hash: 50B13772D042969FDB16CF68C8817EEBFA9FF59310F14856AE815BB341D2349D01DBA0
                                                    APIs
                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00529FBD
                                                    • IsDebuggerPresent.KERNEL32 ref: 0052A089
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0052A0A2
                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0052A0AC
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                    • String ID:
                                                    • API String ID: 254469556-0
                                                    • Opcode ID: b173a2adc0873b5ab8692f68d988a38a4a97b7442eee38c96464b593cbf34507
                                                    • Instruction ID: cf683a6c05cc962d26f02c0bff9d38e68b8c06478357a583541c3a3de195e665
                                                    • Opcode Fuzzy Hash: b173a2adc0873b5ab8692f68d988a38a4a97b7442eee38c96464b593cbf34507
                                                    • Instruction Fuzzy Hash: 3B312975D012299BDF20DF64D949BCDBBB8BF48300F1041EAE40CAB290EB709A84CF45
                                                    APIs
                                                      • Part of subcall function 005294B8: AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17), ref: 005294C3
                                                      • Part of subcall function 005294B8: ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17,?,?,?,9052A7D0), ref: 005294FD
                                                    • GetProcessHeap.KERNEL32 ref: 00502605
                                                      • Part of subcall function 00529467: AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 00529471
                                                      • Part of subcall function 00529467: ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 005294A4
                                                      • Part of subcall function 00529467: WakeAllConditionVariable.KERNEL32(00562B60,?,?,005026C7,0056376C,0054DC00), ref: 005294AF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$ConditionHeapProcessVariableWake
                                                    • String ID: XwU$lwU$p7V
                                                    • API String ID: 1755742941-1006249062
                                                    • Opcode ID: 284a8d01f5518199a6f01b9c33b1a578e86e06f2b522f1095dcc89384fdbf0ba
                                                    • Instruction ID: 2046b8fb2ec56d182b4e6f0ce51f6a909c1a5fcda08ac156a5633f880f8df316
                                                    • Opcode Fuzzy Hash: 284a8d01f5518199a6f01b9c33b1a578e86e06f2b522f1095dcc89384fdbf0ba
                                                    • Instruction Fuzzy Hash: B3215AF0900605ABD710DF6CED1A7997FF4FB26725F100229D424973E0D7B5AB48AB91
                                                    APIs
                                                    • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00503300,?), ref: 00512845
                                                    • FormatMessageA.KERNEL32(00001300,00000000,9052A7D0,00000000,00000000,00000000,00000000,?,?,?,00503300,?), ref: 0051286C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: FormatInfoLocaleMessage
                                                    • String ID: !x-sys-default-locale
                                                    • API String ID: 4235545615-2729719199
                                                    • Opcode ID: 715bf65cb5db7e786075e3367dc8fe6eaff8ab7e30713fd419a3dc51cdfcf3a3
                                                    • Instruction ID: 4c295cbd645e8fe800d736ef0c28a679ee1381d1b5bbe1c535a1b6e743def606
                                                    • Opcode Fuzzy Hash: 715bf65cb5db7e786075e3367dc8fe6eaff8ab7e30713fd419a3dc51cdfcf3a3
                                                    • Instruction Fuzzy Hash: F3F03076510204FFFB049B94CC0ADEE7AACFB19394F104429FA06D6040E2B0AE509BA0
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00543D04
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00543D4E
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00543E14
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale$ErrorLast
                                                    • String ID:
                                                    • API String ID: 661929714-0
                                                    • Opcode ID: 9140da54fe45d9a6586206e86dda524bd8983bc854c9bbc2358d3c49ef88bacb
                                                    • Instruction ID: 328d7c402d11d990f8f94321b84de3051eae73a5607cfda479c6e1de3646379d
                                                    • Opcode Fuzzy Hash: 9140da54fe45d9a6586206e86dda524bd8983bc854c9bbc2358d3c49ef88bacb
                                                    • Instruction Fuzzy Hash: 0261B0719512079FEB28DF28CC86BFA7BA8FF14308F10406AE905C61A1E735DA94DB50
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0052E0DE
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0052E0E8
                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0052E0F5
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                    • String ID:
                                                    • API String ID: 3906539128-0
                                                    • Opcode ID: 4edc946b5d9128e7984ddbdd77e0912c07c164153ebc29cc4be9cb706e92bcbe
                                                    • Instruction ID: 523275e5abbb48cb2cc4af2a196439728e003b07f8981a1db0710fa682e656a9
                                                    • Opcode Fuzzy Hash: 4edc946b5d9128e7984ddbdd77e0912c07c164153ebc29cc4be9cb706e92bcbe
                                                    • Instruction Fuzzy Hash: 1D31D3749012299BCB21DF24DD897CCBBB4BF59310F5041EAE41CA6291EB709F85DF45
                                                    APIs
                                                    • LoadResource.KERNEL32(00000000,00000000,9052A7D0,00000001,00000000,?,00000000,0054A090,000000FF,?,00501D3C,?,?,?,00000000,?), ref: 00501DBB
                                                    • LockResource.KERNEL32(00000000,?,00501D3C,?,?,?,00000000,?,-00000010,0054A070,000000FF,?,00502058,?,00000000,0054A0BD), ref: 00501DC6
                                                    • SizeofResource.KERNEL32(00000000,00000000,?,00501D3C,?,?,?,00000000,?,-00000010,0054A070,000000FF,?,00502058,?,00000000), ref: 00501DD4
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Resource$LoadLockSizeof
                                                    • String ID:
                                                    • API String ID: 2853612939-0
                                                    • Opcode ID: 6f04173c43d8632e4daeb9a1e26491d9f0793762c84776fd86b493732c0a92a1
                                                    • Instruction ID: 8436430d0ed2b0bc8a3fe5a51fd70ed8df901bdf31ef0877dd447fa0890bf20a
                                                    • Opcode Fuzzy Hash: 6f04173c43d8632e4daeb9a1e26491d9f0793762c84776fd86b493732c0a92a1
                                                    • Instruction Fuzzy Hash: 4E11E732E04A549BC7309F69DC45BAEFBECF796B25F044A2FEC1AD3240E6359C008694
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0S$S
                                                    • API String ID: 0-683242483
                                                    • Opcode ID: c68a5251ac1184eeb7b465fe3cf2a698924aa4a9ccce6bcfd78169ad6bee7e9a
                                                    • Instruction ID: a5c90283f0507d6b6229f3c3502c74f06b95874b02200b2cac7cd19c6630ef10
                                                    • Opcode Fuzzy Hash: c68a5251ac1184eeb7b465fe3cf2a698924aa4a9ccce6bcfd78169ad6bee7e9a
                                                    • Instruction Fuzzy Hash: 42C1CE70A00E468FCB25CF78C4856BEBFB1BF85310F284A19D49797A91DB30AD45CB59
                                                    APIs
                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0053EE79,00000000,00000000,00000000), ref: 0053ED38
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InformationTimeZone
                                                    • String ID:
                                                    • API String ID: 565725191-0
                                                    • Opcode ID: fa76fbde7be3d48f77c768517ec5d2bf9e86c5503d5cd800c199b4c358fa64f8
                                                    • Instruction ID: 7b193e21045fb8d8b59d324c8ac6ea0867dac069983b9f91dbd2cd51f35cb98b
                                                    • Opcode Fuzzy Hash: fa76fbde7be3d48f77c768517ec5d2bf9e86c5503d5cd800c199b4c358fa64f8
                                                    • Instruction Fuzzy Hash: AFC1E372D00126ABDB11AB64DC4BAAEBFE9FF94710F144166F801EB2D1E7709E41D790
                                                    APIs
                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0053F2CE,?,?,00000008,?,?,005498F0,00000000), ref: 0053F500
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExceptionRaise
                                                    • String ID:
                                                    • API String ID: 3997070919-0
                                                    • Opcode ID: 0997ff6a5f1f79ee47201716130ebbe413b03250f40bcbfc222b64bac72ac8a7
                                                    • Instruction ID: 6a3d1278822834f2e569890d20174f35088a482ade4edcb80e17319034860708
                                                    • Opcode Fuzzy Hash: 0997ff6a5f1f79ee47201716130ebbe413b03250f40bcbfc222b64bac72ac8a7
                                                    • Instruction Fuzzy Hash: B2B11D32A10609DFDB15CF28C486B657FE0FF45364F258669E99ACF2A1C335E992CB40
                                                    APIs
                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00529C12
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: FeaturePresentProcessor
                                                    • String ID:
                                                    • API String ID: 2325560087-0
                                                    • Opcode ID: 41085b089adaca591c3805c9b6736c58da8ab26493ebd1ec38d5d1be8d9935d0
                                                    • Instruction ID: deeea56a5df8eb5a2825cf3bd230821dac23732e60f3dc2c99c6479973af93ea
                                                    • Opcode Fuzzy Hash: 41085b089adaca591c3805c9b6736c58da8ab26493ebd1ec38d5d1be8d9935d0
                                                    • Instruction Fuzzy Hash: 1751A0B2A006158FEB24CF69E9957BABBF4FB58310F14882AC405EB390D3B59D44DF90
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0
                                                    • API String ID: 0-4108050209
                                                    • Opcode ID: 1d0b63264b14122f6415e8d20ce5641fedf10ec5bdafa1f538d1eec7b0fc133c
                                                    • Instruction ID: 68de8e576ca795af2f32cf38eb995770efc852be2ff9a6154eb618833b005484
                                                    • Opcode Fuzzy Hash: 1d0b63264b14122f6415e8d20ce5641fedf10ec5bdafa1f538d1eec7b0fc133c
                                                    • Instruction Fuzzy Hash: 31E18B74A00E068FCB24CF78C594ABEBBF1FF49310F284A59D4569B291D730AD46CB59
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f5b7a07ad8921a6bace4995df54f5faf54847a1f5ccfe08889343d08d1b76a40
                                                    • Instruction ID: 244540b7d9caff3453d39fc88789c7303c204ef8ee16dfa9c5787a3400516945
                                                    • Opcode Fuzzy Hash: f5b7a07ad8921a6bace4995df54f5faf54847a1f5ccfe08889343d08d1b76a40
                                                    • Instruction Fuzzy Hash: 9831B476900219AFCB20DEA9CCC9DFBBB7DFB84318F244598F90597284EA309E408B54
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00543F64
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$InfoLocale
                                                    • String ID:
                                                    • API String ID: 3736152602-0
                                                    • Opcode ID: c349cff683414a2cf4ae6b112f1fb7386cbc148d1fdd0e4752d4d453ac5bdce5
                                                    • Instruction ID: 78c3247c6132eb3380b81a10336235fd99e7cf5f8d11b6fab0cbe4359fac25ca
                                                    • Opcode Fuzzy Hash: c349cff683414a2cf4ae6b112f1fb7386cbc148d1fdd0e4752d4d453ac5bdce5
                                                    • Instruction Fuzzy Hash: 8121B672A54107BBDF189B14DC46ABA7BB8FF54314F10007AF901D6161EB38EE48CB50
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • EnumSystemLocalesW.KERNEL32(00543CB0,00000001,00000000,?,-00000050,?,005442EE,00000000,?,?,?,00000055,?), ref: 00543BF4
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: 47f2fb2b7556f03c5d47ea489367462a9081e2dd5e244e075fea5f95b49eda13
                                                    • Instruction ID: ce40248e29b7d7c3cc065c05ca2c6648af05ac8ef9e7739f992186bc96e44391
                                                    • Opcode Fuzzy Hash: 47f2fb2b7556f03c5d47ea489367462a9081e2dd5e244e075fea5f95b49eda13
                                                    • Instruction Fuzzy Hash: 8D11023A2003029FDB18AF39C8956BABF91FF84328B14442CE94697A50E771BA42CB40
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00543ECC,00000000,00000000,?), ref: 0054416B
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$InfoLocale
                                                    • String ID:
                                                    • API String ID: 3736152602-0
                                                    • Opcode ID: 06d7e155ee7a6060f55af16bca1af27bd20bb4370ae839c39ba414dfd542db1d
                                                    • Instruction ID: 377d6dedb2c59d5cca309f8f6ada6a33abc5bdfcf43e57a81ac839603eb9f67d
                                                    • Opcode Fuzzy Hash: 06d7e155ee7a6060f55af16bca1af27bd20bb4370ae839c39ba414dfd542db1d
                                                    • Instruction Fuzzy Hash: A1F0CD36650212BBEB285B65CC0A7FA7F68FF9075CF154825ED15B3140DA74FE81CA90
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • EnumSystemLocalesW.KERNEL32(00543F10,00000001,?,?,-00000050,?,005442B2,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00543C67
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: 160962cc1bc882c322a0a6375f0dca96f1025589789962f97d5d6eb538c39f05
                                                    • Instruction ID: fd2fe76ec61ff6322a8f1139ccb833e2c8435a74f4a50924797146b9f88d4418
                                                    • Opcode Fuzzy Hash: 160962cc1bc882c322a0a6375f0dca96f1025589789962f97d5d6eb538c39f05
                                                    • Instruction Fuzzy Hash: 36F0F6362003056FDB145F39D8C5ABA7F91FF8136CF15442DF9455B6A0D6719D02C750
                                                    APIs
                                                      • Part of subcall function 00538AF1: EnterCriticalSection.KERNEL32(?,?,00541A86,00000000,0055F1B8,0000000C,00541A4D,?,?,0053DFE8,?,?,0053C847,00000001,00000364,?), ref: 00538B00
                                                    • EnumSystemLocalesW.KERNEL32(0053E020,00000001,0055F0D8,0000000C,0053E44F,00000000), ref: 0053E065
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                    • String ID:
                                                    • API String ID: 1272433827-0
                                                    • Opcode ID: 25a47b9eeb5fee8a4171cf743ab033d367f252ca87f0ff864b4cd84a437d3acb
                                                    • Instruction ID: b8d84929a4b2f13f35c4d089dfa3a53bbe5bcf0ce59541c27119daff57b4c7e3
                                                    • Opcode Fuzzy Hash: 25a47b9eeb5fee8a4171cf743ab033d367f252ca87f0ff864b4cd84a437d3acb
                                                    • Instruction Fuzzy Hash: 40F04976A40205EFD704DF98E84AB9D7BF0FB58721F10412AF411DB2E0CBB55944DB45
                                                    APIs
                                                    • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00526938,00000000,00559719,00000004,0052556D,00559719,00000004,00525997,00000000,00000000), ref: 00528ED0
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    • Opcode ID: a0df292d08ca145810e6cba5fc3e43e1b37aa6b395c2520ef1aaaa9d59562b96
                                                    • Instruction ID: 2d0e3c3b4fde58513391691f363be99a5307dc385a3114e95e1e20242e478b72
                                                    • Opcode Fuzzy Hash: a0df292d08ca145810e6cba5fc3e43e1b37aa6b395c2520ef1aaaa9d59562b96
                                                    • Instruction Fuzzy Hash: 0AE09232691214A6DB098BFCA90FB7A3A9CBB12749F104A41F102E54D1CEA0CA009255
                                                    APIs
                                                      • Part of subcall function 0053C6A9: GetLastError.KERNEL32(?,00000008,005407E0), ref: 0053C6AD
                                                      • Part of subcall function 0053C6A9: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 0053C74F
                                                    • EnumSystemLocalesW.KERNEL32(00543A90,00000001,?,?,?,00544310,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00543B6E
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: 60c436c02ae5ce35b354093262dd082f3a046d09b0a0d9e36dd17e6ef2b5deac
                                                    • Instruction ID: 2b3bbcab86f3db9885fc47c68aafafb313c7f674184f0f6f4b2e1838f291b9fd
                                                    • Opcode Fuzzy Hash: 60c436c02ae5ce35b354093262dd082f3a046d09b0a0d9e36dd17e6ef2b5deac
                                                    • Instruction Fuzzy Hash: 3DF0AB3A300205A7CB04DF3ADC0A7AABF90FFC1768F06005CEA058B2A0C631D942C790
                                                    APIs
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0053BD0A,?,20001004,00000000,00000002,?,?,0053B30C), ref: 0053E5DE
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    • Opcode ID: bbe825ff451c61f7bf5d803ef678743bf95ae07f3be1b3bc016dd0f9c22f89d0
                                                    • Instruction ID: 22613a2a6e6c88d704d709f7237a618b3738fffc46b91ebbaf6b06a15e51ac12
                                                    • Opcode Fuzzy Hash: bbe825ff451c61f7bf5d803ef678743bf95ae07f3be1b3bc016dd0f9c22f89d0
                                                    • Instruction Fuzzy Hash: ECE04F35500218BBCF122F61EC0BADE3F6AFF95754F044411FD05662A0CB719A20EAD5
                                                    APIs
                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0002A160,00529A35), ref: 0052A14A
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled
                                                    • String ID:
                                                    • API String ID: 3192549508-0
                                                    • Opcode ID: a5cbd5087ac8b1f463099a094c6e1f52c502c96125b01149d1bb0ba6fa1ecaf9
                                                    • Instruction ID: 667596e0fd3b733b9b9c14506625d768eac00c2ab3aa9c64f6650da386c7c695
                                                    • Opcode Fuzzy Hash: a5cbd5087ac8b1f463099a094c6e1f52c502c96125b01149d1bb0ba6fa1ecaf9
                                                    • Instruction Fuzzy Hash:
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: AllocHeap
                                                    • String ID:
                                                    • API String ID: 4292702814-0
                                                    • Opcode ID: 61f0152c246e07533dbd716546c3a92dea5685d696f9b86bb5d21ea2cb476f9b
                                                    • Instruction ID: 72418e947c7a2508619871d6e4d81799c88074295aedb0bbddaa3c816e3984ee
                                                    • Opcode Fuzzy Hash: 61f0152c246e07533dbd716546c3a92dea5685d696f9b86bb5d21ea2cb476f9b
                                                    • Instruction Fuzzy Hash: 63326D74E0020ADFCF28CF98C995ABEBBB5FF45304F144569E945A7305DA32AE46CB90
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                    • String ID:
                                                    • API String ID: 3471368781-0
                                                    • Opcode ID: 7674b3d88a5c7327dfa0f34af253efdd19842cc9a9c3f55147e484d3970446ad
                                                    • Instruction ID: f8654d61235fa810db7693433cb593e63780501af6125f27cca85e5f804ffc85
                                                    • Opcode Fuzzy Hash: 7674b3d88a5c7327dfa0f34af253efdd19842cc9a9c3f55147e484d3970446ad
                                                    • Instruction Fuzzy Hash: B6B1F8755007429BDB34DB25CC96AFBBBE8FF5430CF14446DE943866A0EA74EA85CB10
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 03712bee268dd082b10ea5ef36c76bb93e0a39284a4a820e51774f19ff109660
                                                    • Instruction ID: 4b47bcff396c0b3c32531125d046b3db53daea0d7d300b495ddcf8e26cf2dde1
                                                    • Opcode Fuzzy Hash: 03712bee268dd082b10ea5ef36c76bb93e0a39284a4a820e51774f19ff109660
                                                    • Instruction Fuzzy Hash: 65515F71E00219AFDF14CF99C981AEEBFB2FF88304F198459E915AB251D734AE50CB90
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                    • Instruction ID: 6022125c2ea944c6326d426e81b516428036fefb6df669af335d4d2c2f68e09b
                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                    • Instruction Fuzzy Hash: 7711E97720456243F604CA2DF4F85BA9F95FFF732172D4B6AD0414B6D4E322A5459600
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6368cd5ad71341a1b29a6c97cf458ea0cd2b9c300a31ba0e5531929605537af1
                                                    • Instruction ID: 07d196baa1ddcbbbbf4ede25dd83394b8754027d01c3f39b073c15ad05ed100d
                                                    • Opcode Fuzzy Hash: 6368cd5ad71341a1b29a6c97cf458ea0cd2b9c300a31ba0e5531929605537af1
                                                    • Instruction Fuzzy Hash: 56E0EC72911278EBCB25DB9CCA4998AFBECFB85B54B6544A6BA01D3151C271DF00CBD0
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ee2e060d41377332e3052d441e23bfaf2e5d4587f851b6276e8910fada055d62
                                                    • Instruction ID: c90b192dac582b5e825122dc7c84f9b2531b5d741129c94cf112efcf5fe8ed08
                                                    • Opcode Fuzzy Hash: ee2e060d41377332e3052d441e23bfaf2e5d4587f851b6276e8910fada055d62
                                                    • Instruction Fuzzy Hash: ABC08C7400199546CF29CB1082713E53794F3E1782F91288CC9030B682D56E9C82D600

                                                    Control-flow Graph

                                                    [Control-flow graph 495, starting at 508a20; legend: Executed / Not Executed]
                                                    APIs
                                                    • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00508A9D
                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00508AF0
                                                    • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508AFF
                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00508B1B
                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508BFB
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508C07
                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508C43
                                                    • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508C62
                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508C7F
                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508D13
                                                    • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00508D58
                                                    • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00508DAA
                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 00508DDD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                    • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                    • API String ID: 2199533872-3004881174
                                                    • Opcode ID: 16cfbfaa78d5b14aff221bbc9c4458ffad70f2e8084118273c76f00d9748b553
                                                    • Instruction ID: b015e7447c9a1b8c94f2a8bfe2c4bf1fb02028776bf620398413fa7a9a035241
                                                    • Opcode Fuzzy Hash: 16cfbfaa78d5b14aff221bbc9c4458ffad70f2e8084118273c76f00d9748b553
                                                    • Instruction Fuzzy Hash: 97C1F1B19002459FEB209F68CC5ABFEBFB5FFA5700F144129E9549B2C2EB744909C7A1
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051E692
                                                    • ctype.LIBCPMT ref: 0051E6D9
                                                      • Part of subcall function 0051E1A6: __Getctype.LIBCPMT ref: 0051E1B5
                                                      • Part of subcall function 0051A901: __EH_prolog3.LIBCMT ref: 0051A908
                                                      • Part of subcall function 0051A901: std::_Lockit::_Lockit.LIBCPMT ref: 0051A912
                                                      • Part of subcall function 0051AA2B: __EH_prolog3.LIBCMT ref: 0051AA32
                                                      • Part of subcall function 0051AA2B: std::_Lockit::_Lockit.LIBCPMT ref: 0051AA3C
                                                      • Part of subcall function 0051ABEA: __EH_prolog3.LIBCMT ref: 0051ABF1
                                                      • Part of subcall function 0051ABEA: std::_Lockit::_Lockit.LIBCPMT ref: 0051ABFB
                                                      • Part of subcall function 0051ABEA: std::_Lockit::~_Lockit.LIBCPMT ref: 0051AC6C
                                                      • Part of subcall function 0051AB55: __EH_prolog3.LIBCMT ref: 0051AB5C
                                                      • Part of subcall function 0051AB55: std::_Lockit::_Lockit.LIBCPMT ref: 0051AB66
                                                      • Part of subcall function 00514AE4: __EH_prolog3.LIBCMT ref: 00514AEB
                                                      • Part of subcall function 00514AE4: std::_Lockit::_Lockit.LIBCPMT ref: 00514AF5
                                                      • Part of subcall function 00514AE4: std::_Lockit::~_Lockit.LIBCPMT ref: 00514B9C
                                                    • numpunct.LIBCPMT ref: 0051EA87
                                                      • Part of subcall function 0051B2C7: __EH_prolog3.LIBCMT ref: 0051B2CE
                                                      • Part of subcall function 0051AFFD: __EH_prolog3.LIBCMT ref: 0051B004
                                                      • Part of subcall function 0051AFFD: std::_Lockit::_Lockit.LIBCPMT ref: 0051B00E
                                                      • Part of subcall function 0051AFFD: std::_Lockit::~_Lockit.LIBCPMT ref: 0051B07F
                                                      • Part of subcall function 0051B127: __EH_prolog3.LIBCMT ref: 0051B12E
                                                      • Part of subcall function 0051B127: std::_Lockit::_Lockit.LIBCPMT ref: 0051B138
                                                      • Part of subcall function 0051B127: std::_Lockit::~_Lockit.LIBCPMT ref: 0051B1A9
                                                      • Part of subcall function 00514AE4: Concurrency::cancel_current_task.LIBCPMT ref: 00514BA7
                                                      • Part of subcall function 0051A4EE: __EH_prolog3.LIBCMT ref: 0051A4F5
                                                      • Part of subcall function 0051A4EE: std::_Lockit::_Lockit.LIBCPMT ref: 0051A4FF
                                                      • Part of subcall function 0051A4EE: std::_Lockit::~_Lockit.LIBCPMT ref: 0051A570
                                                    • __Getcoll.LIBCPMT ref: 0051E84D
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                      • Part of subcall function 00508750: LocalAlloc.KERNEL32(00000040,00000000,00529F85,00000000,9052A7D0,?,00000000,?,00000000,?,0054DAF8,000000FF,?,005017B5,00000000,0054EDDA), ref: 00508756
                                                    • codecvt.LIBCPMT ref: 0051EB38
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$H_prolog3$Lockit::_$Lockit::~_$AllocConcurrency::cancel_current_taskGetcollGetctypeLocalcodecvtctypenumpunct
                                                    • String ID: P*V$T*V$X*V$\*V$`*V$d*V$h*V$l*V$p*V$t*V$x*V
                                                    • API String ID: 332695549-1455326348
                                                    • Opcode ID: 071b9719fa7015fc37dccb29b2bacf10a83d51ec22c69f369857208d2f4fe2d0
                                                    • Instruction ID: ff316453ec015a5609b3c0a9733226fab590fe5704ed5ebbae4f044e435a4bd2
                                                    • Opcode Fuzzy Hash: 071b9719fa7015fc37dccb29b2bacf10a83d51ec22c69f369857208d2f4fe2d0
                                                    • Instruction Fuzzy Hash: BAE1C075800217ABFB11AF648C5BAFF7EA5FF81350F144829FD686B281DB718D8097A1
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051EB6E
                                                    • numpunct.LIBCPMT ref: 0051EF63
                                                      • Part of subcall function 0051B2FA: __EH_prolog3.LIBCMT ref: 0051B301
                                                      • Part of subcall function 0051B092: __EH_prolog3.LIBCMT ref: 0051B099
                                                      • Part of subcall function 0051B092: std::_Lockit::_Lockit.LIBCPMT ref: 0051B0A3
                                                      • Part of subcall function 0051B092: std::_Lockit::~_Lockit.LIBCPMT ref: 0051B114
                                                      • Part of subcall function 0050EB80: std::_Lockit::_Lockit.LIBCPMT ref: 0050EBAD
                                                      • Part of subcall function 0050EB80: std::_Lockit::_Lockit.LIBCPMT ref: 0050EBD0
                                                      • Part of subcall function 0050EB80: std::_Lockit::~_Lockit.LIBCPMT ref: 0050EBF8
                                                      • Part of subcall function 0050EB80: std::_Lockit::~_Lockit.LIBCPMT ref: 0050ECA1
                                                      • Part of subcall function 00514AE4: Concurrency::cancel_current_task.LIBCPMT ref: 00514BA7
                                                      • Part of subcall function 0051A583: __EH_prolog3.LIBCMT ref: 0051A58A
                                                      • Part of subcall function 0051A583: std::_Lockit::_Lockit.LIBCPMT ref: 0051A594
                                                      • Part of subcall function 0051A583: std::_Lockit::~_Lockit.LIBCPMT ref: 0051A605
                                                    • __Getcoll.LIBCPMT ref: 0051ED29
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                      • Part of subcall function 00508750: LocalAlloc.KERNEL32(00000040,00000000,00529F85,00000000,9052A7D0,?,00000000,?,00000000,?,0054DAF8,000000FF,?,005017B5,00000000,0054EDDA), ref: 00508756
                                                      • Part of subcall function 0050BD90: __Getctype.LIBCPMT ref: 0050BD9B
                                                      • Part of subcall function 0051A996: __EH_prolog3.LIBCMT ref: 0051A99D
                                                      • Part of subcall function 0051A996: std::_Lockit::_Lockit.LIBCPMT ref: 0051A9A7
                                                      • Part of subcall function 0051AAC0: __EH_prolog3.LIBCMT ref: 0051AAC7
                                                      • Part of subcall function 0051AAC0: std::_Lockit::_Lockit.LIBCPMT ref: 0051AAD1
                                                      • Part of subcall function 0051AD14: __EH_prolog3.LIBCMT ref: 0051AD1B
                                                      • Part of subcall function 0051AD14: std::_Lockit::_Lockit.LIBCPMT ref: 0051AD25
                                                      • Part of subcall function 0051AD14: std::_Lockit::~_Lockit.LIBCPMT ref: 0051AD96
                                                      • Part of subcall function 0051AC7F: __EH_prolog3.LIBCMT ref: 0051AC86
                                                      • Part of subcall function 0051AC7F: std::_Lockit::_Lockit.LIBCPMT ref: 0051AC90
                                                      • Part of subcall function 0051AC7F: std::_Lockit::~_Lockit.LIBCPMT ref: 0051AD01
                                                      • Part of subcall function 00514AE4: __EH_prolog3.LIBCMT ref: 00514AEB
                                                      • Part of subcall function 00514AE4: std::_Lockit::_Lockit.LIBCPMT ref: 00514AF5
                                                      • Part of subcall function 00514AE4: std::_Lockit::~_Lockit.LIBCPMT ref: 00514B9C
                                                    • codecvt.LIBCPMT ref: 0051F014
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_$H_prolog3$Lockit::~_$AllocConcurrency::cancel_current_taskGetcollGetctypeLocalcodecvtnumpunct
                                                    • String ID: 0*V$4*V$8*V$<*V$@*V$D*V$H*V$L*V
                                                    • API String ID: 3763518620-1854701362
                                                    • Opcode ID: b3df91d4bff7b3fb482f71a0419dde53a942ecad96a8f20e176d465d52a8c377
                                                    • Instruction ID: ead89782687906f04d61b2265ebae21aa1713ce75ebe7a831312ffdda7894ae3
                                                    • Opcode Fuzzy Hash: b3df91d4bff7b3fb482f71a0419dde53a942ecad96a8f20e176d465d52a8c377
                                                    • Instruction Fuzzy Hash: B9E1EF718006169BEB116F648C0AAFF7EA5FF81350F14492EFD556B291EB718D808BE1
                                                    APIs
                                                    • OpenProcess.KERNEL32(00000400,00000000,?,9052A7D0,?,00000000), ref: 00506BF5
                                                    • OpenProcess.KERNEL32(00000400,00000000,00000000,?,9052A7D0,?,00000000), ref: 00506C16
                                                    • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,9052A7D0,?,00000000), ref: 00506C49
                                                    • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,9052A7D0,?,00000000), ref: 00506C5A
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506C78
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506C9C
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506CC8
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506CE8
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506D0A
                                                    • CloseHandle.KERNEL32(00000000,?,9052A7D0,?,00000000), ref: 00506D2A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle$Process$OpenTimes
                                                    • String ID: PwU$PwU
                                                    • API String ID: 1711917922-1627264920
                                                    • Opcode ID: fe13aff5ddd3e146c67eefa503075524ac27f0f9bc925557f8c5b95c5666f16a
                                                    • Instruction ID: 2f3e7d12b49eddb887aba1949fe20ae99862ad2682a1f319a27841245317215e
                                                    • Opcode Fuzzy Hash: fe13aff5ddd3e146c67eefa503075524ac27f0f9bc925557f8c5b95c5666f16a
                                                    • Instruction Fuzzy Hash: 34517D75D01218DFEB10CFA8D9897EEBFB4FB09718F244259E925B72D0D3B409049BA4
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,00000018,9052A7D0,00000000,?), ref: 0050F646
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050F683
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050F6ED
                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0050F887
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050F944
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0050F96C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Lockit$AllocConcurrency::cancel_current_taskLocalLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                    • String ID: bad locale name$false$true
                                                    • API String ID: 975656625-1062449267
                                                    • Opcode ID: 895a2e3235e7d6b9f08e7c18da392f652659ee8eef29bce932f50d1032ca340a
                                                    • Instruction ID: db202bc2df933121dcff5e66041bc8990591c7333076a77155b4e4cd79b2a16f
                                                    • Opcode Fuzzy Hash: 895a2e3235e7d6b9f08e7c18da392f652659ee8eef29bce932f50d1032ca340a
                                                    • Instruction Fuzzy Hash: 2EB182B1D00348DEEB21DFA4C945BDEBFF4BF55304F1481A9E448AB281E7759A48CB61
                                                    APIs
                                                    • GetTempFileNameW.KERNEL32(?,URL,00000000,?,9052A7D0,?,00000004), ref: 00505AAA
                                                    • LocalFree.KERNEL32(?), ref: 00505BBB
                                                    • MoveFileW.KERNEL32(?,00000000), ref: 00505E5B
                                                    • DeleteFileW.KERNEL32(?), ref: 00505EA3
                                                    • LocalFree.KERNEL32(?), ref: 00505F3D
                                                    • LocalFree.KERNEL32(?), ref: 00505FF2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: FileFreeLocal$DeleteMoveNameTemp
                                                    • String ID: URL$url
                                                    • API String ID: 1227976696-346267919
                                                    • Opcode ID: ffac1c1f1d663cd879e07267556d03a9914abf6aa0eb38ebbf73f5e9d0aec9d1
                                                    • Instruction ID: cb159e9b42cca84617a838d9b7bc838870c98516b775f281bc6d9c03275c92f1
                                                    • Opcode Fuzzy Hash: ffac1c1f1d663cd879e07267556d03a9914abf6aa0eb38ebbf73f5e9d0aec9d1
                                                    • Instruction Fuzzy Hash: 510248B0D116699ADB24DF28C89879DBBB5FF54304F1046DAE409A7291EB74ABC4CF80
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00527557
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C97D
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C9A0
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C9C8
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050CA71
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                    • API String ID: 1383202999-2891247106
                                                    • Opcode ID: e022d8310ce47908ba1babf1e19e8d23ab86a45bfa502a94845311388f1066a0
                                                    • Instruction ID: 0883e0df866002d7c9943e9cb11971e47981d5047da29e786f6e6b964b1b5e9c
                                                    • Opcode Fuzzy Hash: e022d8310ce47908ba1babf1e19e8d23ab86a45bfa502a94845311388f1066a0
                                                    • Instruction Fuzzy Hash: 0BC1727250411EABCF18DF68E969DFA3FB8FF4A300F14451AFA46A62D1D631DA50CB60
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00521B37
                                                      • Part of subcall function 0051A742: __EH_prolog3.LIBCMT ref: 0051A749
                                                      • Part of subcall function 0051A742: std::_Lockit::_Lockit.LIBCPMT ref: 0051A753
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3$LockitLockit::_std::_
                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                    • API String ID: 2181796688-2891247106
                                                    • Opcode ID: 747aed448f987b7cbef3de2bc49c52006c6a021a300a43922c19487c7b380fc2
                                                    • Instruction ID: ae3a2957dd5bd4403b1374c6b6a6460a8f5ccb6839b5410df2f8bfa5c6cdc6ac
                                                    • Opcode Fuzzy Hash: 747aed448f987b7cbef3de2bc49c52006c6a021a300a43922c19487c7b380fc2
                                                    • Instruction Fuzzy Hash: 53C1717654051AABDB18DF68DD5ADFB3FBCFF6A300F05051AFA02A66C1D6309A00CB64
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00521F27
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8BD
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8E0
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B908
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B9B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                    • API String ID: 1383202999-2891247106
                                                    • Opcode ID: 2741af681b07447b42c4fc701adbbfee548d5e7e90fae98cae2ca1d6d83846fe
                                                    • Instruction ID: a9ee48c487f1d9d55eda88f2ab1381c7fcf0408344bedef3afa461e4bf8a24fd
                                                    • Opcode Fuzzy Hash: 2741af681b07447b42c4fc701adbbfee548d5e7e90fae98cae2ca1d6d83846fe
                                                    • Instruction Fuzzy Hash: 17C1907A50011AFBDB18DF98DD99DFA3FB8BF4A300F04451AFA02A22D1D631DA50DB20
                                                    APIs
                                                      • Part of subcall function 00506180: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 005061E5
                                                      • Part of subcall function 00506180: LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,0054A89D,000000FF), ref: 0050623F
                                                      • Part of subcall function 00506180: GetLastError.KERNEL32(?,?,?,000000FF,0054A89D,000000FF), ref: 0050629B
                                                    • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00506756
                                                    • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000), ref: 005067C4
                                                    • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000), ref: 0050684B
                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,00000000,?,00000000), ref: 0050692F
                                                    • LocalFree.KERNEL32(?), ref: 005069A7
                                                    • GetLastError.KERNEL32 ref: 00506A02
                                                    • FreeLibrary.KERNEL32(?), ref: 00506A57
                                                    Strings
                                                    • NtQueryInformationProcess, xrefs: 00506750
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: MemoryProcessRead$ErrorFreeLastLibrary$AddressDirectoryLoadLocalProcSystem
                                                    • String ID: NtQueryInformationProcess
                                                    • API String ID: 2095613275-2781105232
                                                    • Opcode ID: 53418244dc8eba67fb53f165104bb6a5fe43253d4932a1f997abf68229852563
                                                    • Instruction ID: 75c765b70a525059d5b0496bc8fc3e6dc8b4c75faa20728ee39d7f6fb2eb0ef0
                                                    • Opcode Fuzzy Hash: 53418244dc8eba67fb53f165104bb6a5fe43253d4932a1f997abf68229852563
                                                    • Instruction Fuzzy Hash: EDB15F70900759DBEB20CF64C9497AEBBF0FF58308F204A5DD449A7680D7B5AA88CB91
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 0051E1E6
                                                    • _Maklocstr.LIBCPMT ref: 0051E24F
                                                    • _Maklocstr.LIBCPMT ref: 0051E261
                                                    • _Maklocchr.LIBCPMT ref: 0051E279
                                                    • _Maklocchr.LIBCPMT ref: 0051E289
                                                    • _Getvals.LIBCPMT ref: 0051E2AB
                                                      • Part of subcall function 00517DAC: _Maklocchr.LIBCPMT ref: 00517DDB
                                                      • Part of subcall function 00517DAC: _Maklocchr.LIBCPMT ref: 00517DF1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                    • String ID: false$true
                                                    • API String ID: 3549167292-2658103896
                                                    • Opcode ID: 0de81fb8b975fa51e251ee22c7f0b5d375123ebb3fb7b03988cfcd66afaa287b
                                                    • Instruction ID: 43837645d11ccbf4a24df3505e6a6c762757a68e37fd8ad554b491bfdcccb146
                                                    • Opcode Fuzzy Hash: 0de81fb8b975fa51e251ee22c7f0b5d375123ebb3fb7b03988cfcd66afaa287b
                                                    • Instruction Fuzzy Hash: B6212171D04318AAEF14AFA4D88AADF7FB8FF49710F004056B9159F142DB749984CBA1
                                                    APIs
                                                    • RegOpenKeyExW.ADVAPI32(?,-00000002,00000000,?,?), ref: 005118FB
                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00563810,00000800), ref: 0051191B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: OpenQueryValue
                                                    • String ID: /DontWait $/EnforcedRunAsAdmin $/HideWindow$/RunAsAdmin $pvU
                                                    • API String ID: 4153817207-3800131583
                                                    • Opcode ID: 8513bbe970c2df1ceeb96dd6b0bcd63a6b68d60ebe265f0cb7212abaa6df4495
                                                    • Instruction ID: 0f1b5790189a45014c38ef745f916f4761dea04630d0463a62343a14732b1f7d
                                                    • Opcode Fuzzy Hash: 8513bbe970c2df1ceeb96dd6b0bcd63a6b68d60ebe265f0cb7212abaa6df4495
                                                    • Instruction Fuzzy Hash: 6CE12729A04B12CAEB349F14C4502F6BBE2FF95740F5D84E9DA468B281E771CCC6C799
                                                    APIs
                                                    • type_info::operator==.LIBVCRUNTIME ref: 0052CF60
                                                    • ___TypeMatch.LIBVCRUNTIME ref: 0052D06E
                                                    • _UnwindNestedFrames.LIBCMT ref: 0052D1C0
                                                    • CallUnexpected.LIBVCRUNTIME ref: 0052D1DB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 2751267872-393685449
                                                    • Opcode ID: da4745f97f014ddd602428195989cd5730db4340694dd05c612d8fee04002c0c
                                                    • Instruction ID: ef0e230b2c831cccd9b3aa4d4cba7ba49a7d6291f3600b8a45a070d3b0314a3c
                                                    • Opcode Fuzzy Hash: da4745f97f014ddd602428195989cd5730db4340694dd05c612d8fee04002c0c
                                                    • Instruction Fuzzy Hash: 1BB19D7180022ADFCF25DFA4E9859AEBFB5FF46310F14415AE8006B292D771DA61CFA1
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00526973
                                                      • Part of subcall function 00525662: __EH_prolog3_GS.LIBCMT ref: 00525669
                                                      • Part of subcall function 00525662: __Getcoll.LIBCPMT ref: 005256CD
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • __Getcoll.LIBCPMT ref: 005269C2
                                                      • Part of subcall function 005254AF: __EH_prolog3.LIBCMT ref: 005254B6
                                                      • Part of subcall function 005254AF: std::_Lockit::_Lockit.LIBCPMT ref: 005254C0
                                                      • Part of subcall function 005254AF: std::_Lockit::~_Lockit.LIBCPMT ref: 00525531
                                                      • Part of subcall function 00514AE4: __EH_prolog3.LIBCMT ref: 00514AEB
                                                      • Part of subcall function 00514AE4: std::_Lockit::_Lockit.LIBCPMT ref: 00514AF5
                                                      • Part of subcall function 00514AE4: std::_Lockit::~_Lockit.LIBCPMT ref: 00514B9C
                                                    • numpunct.LIBCPMT ref: 00526BF2
                                                      • Part of subcall function 00508750: LocalAlloc.KERNEL32(00000040,00000000,00529F85,00000000,9052A7D0,?,00000000,?,00000000,?,0054DAF8,000000FF,?,005017B5,00000000,0054EDDA), ref: 00508756
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$Getcoll$AllocH_prolog3_Localnumpunct
                                                    • String ID: *V$*V$*V$*V
                                                    • API String ID: 2516209439-3539978667
                                                    • Opcode ID: f94cfeab5a2a80b36fb4fd7af588bbf7463f4844ec4333434aedd9d17bfbcc06
                                                    • Instruction ID: 50a27f01b5248c1b0a1bcd4ebda6262574f32743f3404820964c87fd70daae49
                                                    • Opcode Fuzzy Hash: f94cfeab5a2a80b36fb4fd7af588bbf7463f4844ec4333434aedd9d17bfbcc06
                                                    • Instruction Fuzzy Hash: 0A91D671900622AAD720AB749C19B7F7EE9FFC2320F14891AF855B72C1EF708D4487A1
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 0051095F
                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 005109A4
                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00510A1B
                                                    • LocalFree.KERNEL32(?), ref: 00510A58
                                                    • LocalFree.KERNEL32(?,?,?,?,?,9052A7D0,9052A7D0,?,?), ref: 00510B86
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Local$AllocFree$___std_exception_copy
                                                    • String ID: ios_base::failbit set$iostream
                                                    • API String ID: 2276494016-302468714
                                                    • Opcode ID: 60f5f8dc8676e045458f0c0681baaccde5da590b78b911ab78b8aa2a2403ca4b
                                                    • Instruction ID: 0ac3e6830e86416f2df1844c347e577b9e3f6821682d4574753e1b4a030c31fb
                                                    • Opcode Fuzzy Hash: 60f5f8dc8676e045458f0c0681baaccde5da590b78b911ab78b8aa2a2403ca4b
                                                    • Instruction Fuzzy Hash: 6FA1ADB1D04209DFEB08DF68D985BAEBFB5FF45310F10826AE815AB391D7709984CB90
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,00000044,9052A7D0,00000000,?), ref: 0050BE3B
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050BE78
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050BEE5
                                                    • __Getctype.LIBCPMT ref: 0050BF2E
                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0050BFA2
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050C05F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Lockit$AllocGetctypeLocalLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                    • String ID: bad locale name
                                                    • API String ID: 3635123611-1405518554
                                                    • Opcode ID: e3a57a73f6c3a9c7f999d4cce7e60582a8babe04e37be9804a3191354b0ef1d2
                                                    • Instruction ID: 91a0a7365d0fe039f4fe94f38ef29b7fedde9bb25870124f84ea1a5f9a42a771
                                                    • Opcode Fuzzy Hash: e3a57a73f6c3a9c7f999d4cce7e60582a8babe04e37be9804a3191354b0ef1d2
                                                    • Instruction Fuzzy Hash: 718182B0D04389DFEB11CFA8C94979EBFF4BF15304F148299D444AB282E7759A44DB61
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,00000018,9052A7D0,00000000,?,?,?,?,?,?,?,?,00000000,0054B905,000000FF), ref: 0050C614
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050C64E
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050C6B2
                                                    • __Getctype.LIBCPMT ref: 0050C6FB
                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0050C741
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050C7F5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Lockit$AllocGetctypeLocalLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                    • String ID: bad locale name
                                                    • API String ID: 3635123611-1405518554
                                                    • Opcode ID: 3b037fb11a7d27a7762e67823cbbb6a831df6b734dc8ea798c9600de7cfc8432
                                                    • Instruction ID: a9fc028c606b527664d5d8efcc5b570e6045988bf7cd8dcc040207f88b53c81d
                                                    • Opcode Fuzzy Hash: 3b037fb11a7d27a7762e67823cbbb6a831df6b734dc8ea798c9600de7cfc8432
                                                    • Instruction Fuzzy Hash: 2B617CB0D01288DAEB11CFA8D9497DEBFF8BF16304F148159E444AB2C1D7B99A48DB61
                                                    APIs
                                                    • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 005291BF
                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0052924D
                                                    • __alloca_probe_16.LIBCMT ref: 00529277
                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 005292BF
                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 005292D9
                                                    • __alloca_probe_16.LIBCMT ref: 005292FF
                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0052933C
                                                    • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00529359
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                    • String ID:
                                                    • API String ID: 3603178046-0
                                                    • Opcode ID: 8a0bc3076b9d35f36fd8c1e0e28705a3601cec2781916b24231ee41738d19685
                                                    • Instruction ID: b9c144c6761f20b3be2781601f3214f9982b3dcd54da73246b87e9fc71b4e38d
                                                    • Opcode Fuzzy Hash: 8a0bc3076b9d35f36fd8c1e0e28705a3601cec2781916b24231ee41738d19685
                                                    • Instruction Fuzzy Hash: 1471C33690026AABDF218FA5EC45AEE7FBAFF9B354F180515E405A73D0D7358800CB60
                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,CCCCCCCC,0050CA9F,?,00000001,00000000,00000000,?,?,0050CA9F,?), ref: 00528C62
                                                    • __alloca_probe_16.LIBCMT ref: 00528C8E
                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,0050CA9F,?,?,00000000,0050D0F3,0000003F,?), ref: 00528CCD
                                                    • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0050CA9F,?,?,00000000,0050D0F3,0000003F), ref: 00528CEA
                                                    • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,0050CA9F,?,?,00000000,0050D0F3,0000003F), ref: 00528D29
                                                    • __alloca_probe_16.LIBCMT ref: 00528D46
                                                    • LCMapStringEx.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0050CA9F,?,?,00000000,0050D0F3,0000003F), ref: 00528D88
                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,0050CA9F,?,?,00000000,0050D0F3,0000003F,?), ref: 00528DAB
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                    • String ID:
                                                    • API String ID: 2040435927-0
                                                    • Opcode ID: 8cc66a03ca37c1c5e23e7017b2109bcd7626a54c1a65de362b7b7a52baaec844
                                                    • Instruction ID: 95c775c08310ba6ed2dc2bc2ace0d652a2012768fde5fd22d8f331100810df07
                                                    • Opcode Fuzzy Hash: 8cc66a03ca37c1c5e23e7017b2109bcd7626a54c1a65de362b7b7a52baaec844
                                                    • Instruction Fuzzy Hash: 1C51DF7250222AABEB205FA4EC45FBB7FB9FF66750F184425F900AA1D0DB749C04DB60
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,0000000C,9052A7D0,00000000,?,00000000,?,?,?,?,00000000,0054BFD1,000000FF,?,0050EC5A,00000000), ref: 0050FC14
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050FC4A
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050FCAE
                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0050FD6E
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050FE22
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                     • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                     • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Lockit$AllocLocalLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                    • String ID: bad locale name
                                                    • API String ID: 2968629171-1405518554
                                                    • Opcode ID: 968534d277ad88358daf8895f3a9076965bc5da7bb3d7c10e143875a8153848b
                                                    • Instruction ID: 10627d20d588ce53347c51673053ad1c65f2f7a823d8d27a753a6e0e42fa0693
                                                    • Opcode Fuzzy Hash: 968534d277ad88358daf8895f3a9076965bc5da7bb3d7c10e143875a8153848b
                                                    • Instruction Fuzzy Hash: FF718DB1D00259DBEF11CFA8D8487DEBFB4BF15304F144169E410AB2C1D7B99A08DBA1
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,00000008,9052A7D0,00000000,?,00000000,?,?,?,?,0054BEDD,000000FF,?,0050ED9A,?,?), ref: 0050F9E4
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050FA1A
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050FA7E
                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0050FAEE
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050FBA2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Lockit$AllocLocalLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                    • String ID: bad locale name
                                                    • API String ID: 2968629171-1405518554
                                                    • Opcode ID: 66d857d23cfb448c5f6e829d0bd23d9047989c6aaad8c5642422c2d2660e9634
                                                    • Instruction ID: cd4a989725252aa1dd0074de4aa2279ecd390d82c0a09d872f30045383920da0
                                                    • Opcode Fuzzy Hash: 66d857d23cfb448c5f6e829d0bd23d9047989c6aaad8c5642422c2d2660e9634
                                                    • Instruction Fuzzy Hash: 8A618DB0D01389EAEB11CFA8D9587DEBFF4BF55304F188169E444AB2C1D7799A04CB61
                                                    APIs
                                                    • _ValidateLocalCookies.LIBCMT ref: 0052AB37
                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0052AB3F
                                                    • _ValidateLocalCookies.LIBCMT ref: 0052ABC8
                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 0052ABF3
                                                    • _ValidateLocalCookies.LIBCMT ref: 0052AC48
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                    • String ID: csm
                                                    • API String ID: 1170836740-1018135373
                                                    • Opcode ID: b092df2d6b2615a51321eb344ffcecbc97804c32a904c562c1a4c6d4ca14529a
                                                    • Instruction ID: 2d45e847dca4b1d03676b703590e62cb2ebc5f2b5f2b4c0089ee68ea6ea87b49
                                                    • Opcode Fuzzy Hash: b092df2d6b2615a51321eb344ffcecbc97804c32a904c562c1a4c6d4ca14529a
                                                    • Instruction Fuzzy Hash: B8411434A002299BCF10DF28D889A9E7FB2FF46324F148455E815AB3D2C735EA05CF92
                                                    APIs
                                                    • FreeLibrary.KERNEL32(00000000,?,0053E303,?,?,?,00000000,?,?,0053E52D,00000021,FlsSetValue,00553780,00553788,?), ref: 0053E2B7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: FreeLibrary
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3664257935-537541572
                                                    • Opcode ID: 385126bb2dc59fa4d2ab491ff7e4bb44d075b4e70d483825c0e26cef83ee60a5
                                                    • Instruction ID: 694e2493320b2ab68653e3de6df4d406c31ce11d567740127dda6e8a3ca063e0
                                                    • Opcode Fuzzy Hash: 385126bb2dc59fa4d2ab491ff7e4bb44d075b4e70d483825c0e26cef83ee60a5
                                                    • Instruction Fuzzy Hash: 3C21BB39A00211ABD7219769DC47A5B3F9CBF52774F250111FD15A72D0E770EE04D6D1
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051426A
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00514274
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • numpunct.LIBCPMT ref: 005142AE
                                                    • std::_Facet_Register.LIBCPMT ref: 005142C5
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 005142E5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                    • String ID: (V
                                                    • API String ID: 743221004-996462327
                                                    • Opcode ID: aa10ad8c876bbf2b79da8754469864c35c692991b52d68ded8c0f23c3d3865f2
                                                    • Instruction ID: bf6e2ce813fcfa02b66b2d9b38c4007a26432088035f4f79b6a0c30da7218998
                                                    • Opcode Fuzzy Hash: aa10ad8c876bbf2b79da8754469864c35c692991b52d68ded8c0f23c3d3865f2
                                                    • Instruction Fuzzy Hash: 3811E1399002268BEB08EB64C819AFD7FA1BFC2314F244509F5116B3C1CF749D80DB90
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005140AB
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005140B5
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • codecvt.LIBCPMT ref: 005140EF
                                                    • std::_Facet_Register.LIBCPMT ref: 00514106
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00514126
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                    • String ID: (V
                                                    • API String ID: 712880209-996462327
                                                    • Opcode ID: 837198da0785a412ca8ff552f608e67c6095f19d9832dc6a31320470a72f9b4a
                                                    • Instruction ID: 17accbdbf479643fd95d7c3e9a46381a5a0748b6d6360f997cd306c102f14f29
                                                    • Opcode Fuzzy Hash: 837198da0785a412ca8ff552f608e67c6095f19d9832dc6a31320470a72f9b4a
                                                    • Instruction Fuzzy Hash: 3801A13590021A9BDB05AB64D809AED7FA1BFD5350F254508E4106B3D1CF749A85DB80
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005252F7
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00525301
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 0052533B
                                                    • std::_Facet_Register.LIBCPMT ref: 00525352
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00525372
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                    • String ID: *V
                                                    • API String ID: 419941038-156413045
                                                    • Opcode ID: d39b1570b6897c700a8c1a2d4b0fce19cde2b27fec951d89d5d9804dc9439d11
                                                    • Instruction ID: 0c555f31cc7cc88abda7939036295b1f2701e5c11e88df55b6b57557a4cbd786
                                                    • Opcode Fuzzy Hash: d39b1570b6897c700a8c1a2d4b0fce19cde2b27fec951d89d5d9804dc9439d11
                                                    • Instruction Fuzzy Hash: DA01D2359005269BCB05EF64E80A6AE7FA1BFD6360F240908E401AB3E1DFB09E45DB91
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0052538C
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00525396
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 005253D0
                                                    • std::_Facet_Register.LIBCPMT ref: 005253E7
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00525407
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                    • String ID: *V
                                                    • API String ID: 419941038-156413045
                                                    • Opcode ID: cc87095be137fba5861e9df6177ddaaae1e663c179e91ac8d21b5700386c34c9
                                                    • Instruction ID: a190e16d1bbf38d982f74eca37c2b891a21350b27706b0e90d62863f08031924
                                                    • Opcode Fuzzy Hash: cc87095be137fba5861e9df6177ddaaae1e663c179e91ac8d21b5700386c34c9
                                                    • Instruction Fuzzy Hash: 1F01C0369005269BCB09FB64E80A7AEBFB5BFD6310F244509E4006B2D2DFB09E41D791
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051ABF1
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051ABFB
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 0051AC35
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AC4C
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AC6C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                    • String ID: l*V
                                                    • API String ID: 419941038-1408226239
                                                    • Opcode ID: 647ae85d60e54cf96544deab3f69b7c98742b369046ead8c218a87b70a2a7b84
                                                    • Instruction ID: 3b88f3422e5aa5a2a616292401298c5fb993dbc281eadc9e1a4c672646ac6ca2
                                                    • Opcode Fuzzy Hash: 647ae85d60e54cf96544deab3f69b7c98742b369046ead8c218a87b70a2a7b84
                                                    • Instruction Fuzzy Hash: A501C0759001269BDB06EBA4D85A6ED7FB1BFC5314F240509F401AB3D1CFB09E45CB91
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AC86
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AC90
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 0051ACCA
                                                    • std::_Facet_Register.LIBCPMT ref: 0051ACE1
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AD01
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                    • String ID: H*V
                                                    • API String ID: 419941038-1823161731
                                                    • Opcode ID: b4952de5b829765b66c60522fe9a237aa634816940d7f941c4f9cf6d705aa9a6
                                                    • Instruction ID: 3ea35bf4e24d0d39ac8e64bbcdd0f95cb7fc2ad8231dd4be8c1f42c46490abd3
                                                    • Opcode Fuzzy Hash: b4952de5b829765b66c60522fe9a237aa634816940d7f941c4f9cf6d705aa9a6
                                                    • Instruction Fuzzy Hash: A101C4759001169BEB05EBA4D80A7ED7FA5BFC5714F240508F4106B3D1CFB49E418B81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AD1B
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AD25
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 0051AD5F
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AD76
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AD96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                    • String ID: D*V
                                                    • API String ID: 419941038-1706149095
                                                    • Opcode ID: d5ebc67a692d8e1a94f40f2da063a5888c38096318e4414a3380185686c12110
                                                    • Instruction ID: fb9e0bfb6acfda332b9ade48de2b4792dd2091b608fb8065e3eb62b88346ed79
                                                    • Opcode Fuzzy Hash: d5ebc67a692d8e1a94f40f2da063a5888c38096318e4414a3380185686c12110
                                                    • Instruction Fuzzy Hash: 0C01C03590052A9BDB06EBA4D80A6EE7FB5BFC5310F240608E4116B3D1CFB09E449B81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AF6F
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AF79
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • numpunct.LIBCPMT ref: 0051AFB3
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AFCA
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AFEA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                    • String ID: X*V
                                                    • API String ID: 743221004-1888329459
                                                    • Opcode ID: f2f8fe5afca1a1d5e8176845e145256fc9d6876f96a582fcef03927b753ae517
                                                    • Instruction ID: ccf674fcb05569bc05d5e31e6def15763532b003f6e9d42c8adad2e098f98808
                                                    • Opcode Fuzzy Hash: f2f8fe5afca1a1d5e8176845e145256fc9d6876f96a582fcef03927b753ae517
                                                    • Instruction Fuzzy Hash: 9E01C4769001169BDB15EBA4C819AFEBFA1BFC5310F250509F400AB2D1CFB49D86CB81
                                                    APIs
                                                    • #224.MSI(?,00000001,00000000,00000000,00000000), ref: 00502D90
                                                    • LocalFree.KERNEL32(?), ref: 00502DFA
                                                    • LocalFree.KERNEL32(?), ref: 00502E64
                                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00502FA5
                                                      • Part of subcall function 00503E00: CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 00503E43
                                                    • LocalFree.KERNEL32(?), ref: 00502F5B
                                                    • CertFreeCertificateContext.CRYPT32(00000003,?), ref: 00502FEB
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: Free$CertLocal$CertificateContext$#224NameString
                                                    • String ID:
                                                    • API String ID: 2751787804-0
                                                    • Opcode ID: 3fa939d8904c2e513e53f0584401a1b2f5867ce65bde46c1623ca33f4cf9c327
                                                    • Instruction ID: 798014f2b938ca7438076238ee8a62a609dd6a2d9cec14cc89999bd972c718d1
                                                    • Opcode Fuzzy Hash: 3fa939d8904c2e513e53f0584401a1b2f5867ce65bde46c1623ca33f4cf9c327
                                                    • Instruction Fuzzy Hash: 5291AE70D0024ACFDB18CFA8C55979EBFB5FF58304F144659E415AB391DBB4AA88CB90
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,40000022,9052A7D0,?,00000000,?,?,?,?,0054AAD0,000000FF,?,0050652E,00000000,?), ref: 00506E14
                                                    • LocalAlloc.KERNEL32(00000040,3FFFFFFF,9052A7D0,?,00000000,?,?,?,?,0054AAD0,000000FF,?,0050652E,00000000,?), ref: 00506E37
                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,?,?,?,0054AAD0,000000FF,?,0050652E,00000000), ref: 00506ED7
                                                    • LocalFree.KERNEL32(?,9052A7D0,00000000,0054A0E0,000000FF,?,00000000,00000000,0054AAD0,000000FF,9052A7D0), ref: 00506F5D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: Local$AllocFree
                                                    • String ID: .eP$.eP
                                                    • API String ID: 2012307162-212226312
                                                    • Opcode ID: 4184bee02ba070f9363f29b7e2c60c86115d5e3850e77418004640a4fa97059f
                                                    • Instruction ID: 48c09bd75a84df578727f1dffde0e30b860404ea20e22e09786b183f0f8c69e6
                                                    • Opcode Fuzzy Hash: 4184bee02ba070f9363f29b7e2c60c86115d5e3850e77418004640a4fa97059f
                                                    • Instruction Fuzzy Hash: 9251AFB5A0021A9FDB18DF68D985BAEBBB9FB48310F14462DE815E73C0D735AD10CB90
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050B8BD
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050B8E0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050B908
                                                    • std::_Facet_Register.LIBCPMT ref: 0050B97D
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050B9B1
                                                    • LocalFree.KERNEL32 ref: 0050BA50
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_FreeLocalRegister
                                                    • String ID:
                                                    • API String ID: 1378673503-0
                                                    • Opcode ID: ba5c7087dd018a002e151156ae5a08537de98e210c1ca915a18fc340cac13068
                                                    • Instruction ID: 0890dfd927f266c893cc0c10af55e1ee8a135c23ee155c6dfa8421302364d8e0
                                                    • Opcode Fuzzy Hash: ba5c7087dd018a002e151156ae5a08537de98e210c1ca915a18fc340cac13068
                                                    • Instruction Fuzzy Hash: 0851DEB180020AEFEB11DF58D885BAEBFB4FB50324F144A59E864A73D1D770AE44CB91
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16
                                                    • String ID: a/p$am/pm
                                                    • API String ID: 3509577899-3206640213
                                                    • Opcode ID: 88833902f87197c33ace8f1f42f8cea44aa34af6017a51f63c8971ba990a86fc
                                                    • Instruction ID: eeee1a766d970985d386f2d52ce2a29a0d8185412ba7e98bd181f2f0a95bd566
                                                    • Opcode Fuzzy Hash: 88833902f87197c33ace8f1f42f8cea44aa34af6017a51f63c8971ba990a86fc
                                                    • Instruction Fuzzy Hash: DCC1CFB6D0821EDBDB348F68C899BBABFB0FF5D300F244249E545AB254D2319D41CBA1
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,0052CB01,0052AA2C,0052A1A4), ref: 0052CB18
                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0052CB26
                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0052CB3F
                                                    • SetLastError.KERNEL32(00000000,0052CB01,0052AA2C,0052A1A4), ref: 0052CB91
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorLastValue___vcrt_
                                                    • String ID:
                                                    • API String ID: 3852720340-0
                                                    • Opcode ID: cc77bdff3a46aab84b84de94f716d3c1aca886dc04af3bfec784a66e932aa04e
                                                    • Instruction ID: 850108f13e3b34ad5bf98bf8c1ad80c58bd052ee7be750e55cd26804217920ee
                                                    • Opcode Fuzzy Hash: cc77bdff3a46aab84b84de94f716d3c1aca886dc04af3bfec784a66e932aa04e
                                                    • Instruction Fuzzy Hash: 0901B13260CB725EEA242778BD8FA6E2F65FF633B47600329F414860E2EE924C446595
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: Mpunct$GetvalsH_prolog3
                                                    • String ID: $+xv
                                                    • API String ID: 2204710431-1686923651
                                                    • Opcode ID: 5d43f63d3498a023585283a734b621710248f3a65176d1de0f8e2bd75ce155ae
                                                    • Instruction ID: cc701dc2bcb82347bf9119bda25b5f31889f882951de05df82700e64bc922dc7
                                                    • Opcode Fuzzy Hash: 5d43f63d3498a023585283a734b621710248f3a65176d1de0f8e2bd75ce155ae
                                                    • Instruction Fuzzy Hash: 2D217FB1904A926EEB25DF64D8857BBBEF8BB4D300F044A1AE459C7A41D734EA41CB90
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,9052A7D0), ref: 00511A6C
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00511A8C
                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00511ABD
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00511AD6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: File$CloseCreateHandlePointerWrite
                                                    • String ID: PwU
                                                    • API String ID: 3604237281-3900882408
                                                    • Opcode ID: e04e7f3cf8c54359dc258f524b3c90465242fa6422912e77ca032548ac6d19fd
                                                    • Instruction ID: 1c5524252500de1f2d41aa911276467f852cd3c0d6986d882ef13cd2741dc317
                                                    • Opcode Fuzzy Hash: e04e7f3cf8c54359dc258f524b3c90465242fa6422912e77ca032548ac6d19fd
                                                    • Instruction Fuzzy Hash: 5221A274941608AFE720CF54DC0AF9ABFB8FB05B14F10425AF514A72C0D7B4564887D4
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(9052A7D0,9052A7D0,?,?,00000000,0054AF61,000000FF), ref: 0050870B
                                                      • Part of subcall function 005294B8: AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17), ref: 005294C3
                                                      • Part of subcall function 005294B8: ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17,?,?,?,9052A7D0), ref: 005294FD
                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 005086D0
                                                    • GetProcAddress.KERNEL32(00000000), ref: 005086D7
                                                      • Part of subcall function 00529467: AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 00529471
                                                      • Part of subcall function 00529467: ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 005294A4
                                                      • Part of subcall function 00529467: WakeAllConditionVariable.KERNEL32(00562B60,?,?,005026C7,0056376C,0054DC00), ref: 005294AF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                    • String ID: IsWow64Process$kernel32
                                                    • API String ID: 411948497-3789238822
                                                    • Opcode ID: 6cdd50022243b07b4ae380f54fbb0f313131763dd8c2aa3d45eb5794b3a0f366
                                                    • Instruction ID: ef19386133749ba004ddd52d910a3a3b25dcfac360abbe42d279c6e64dd802bf
                                                    • Opcode Fuzzy Hash: 6cdd50022243b07b4ae380f54fbb0f313131763dd8c2aa3d45eb5794b3a0f366
                                                    • Instruction Fuzzy Hash: A621C3F5D04745DFCB10DF58DC0ABA97BA8FB15B10F10026AE811933D0DB75AA04DB51
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051B099
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051B0A3
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051B0F4
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051B114
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: L*V
                                                    • API String ID: 2854358121-1805817183
                                                    • Opcode ID: 70c05d65f4f05eb361288de7346d29c5b4b401de09ebe54177fce03a71fa3920
                                                    • Instruction ID: 01f87885222c61779e3ce12fc6bce39091493680c70b59bef8791f6774034da6
                                                    • Opcode Fuzzy Hash: 70c05d65f4f05eb361288de7346d29c5b4b401de09ebe54177fce03a71fa3920
                                                    • Instruction Fuzzy Hash: 7E01C03590012AABEB05EBA4D85A6EEBFA1BFC5314F250508E4106B3D1CFB09E44C781
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051B12E
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051B138
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051B189
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051B1A9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: x*V
                                                    • API String ID: 2854358121-1220597779
                                                    • Opcode ID: f2fc4f48b2443c4a471ebc6549a3e4e9a8ac338a13904cf897940f70ed6b19a7
                                                    • Instruction ID: 6e41851a4b6ecbb70294d456bd39e3d5d012655d11d27ca66b577e5433e5cd12
                                                    • Opcode Fuzzy Hash: f2fc4f48b2443c4a471ebc6549a3e4e9a8ac338a13904cf897940f70ed6b19a7
                                                    • Instruction Fuzzy Hash: 6B01C476940116ABEB05EB64C85A6EEBFB1BFC5310F250509F400AB3D1CFB09D41DB90
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005141D5
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005141DF
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 00514230
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00514250
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: (V
                                                    • API String ID: 2854358121-996462327
                                                    • Opcode ID: b00ec7b958033424f28809f75d255289e55d4adee84873c1f77fc0fea786ba00
                                                    • Instruction ID: 0551c95ba89c53d7bb45dafe4e6ce2a2c9a36254be35c1f7215ebbcef0ba2db3
                                                    • Opcode Fuzzy Hash: b00ec7b958033424f28809f75d255289e55d4adee84873c1f77fc0fea786ba00
                                                    • Instruction Fuzzy Hash: E101C0399002269BDB05EBA4C80AAEE7FA5BFC5314F240508F4206B3D1CF709E81DB90
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00525262
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0052526C
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 005252BD
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 005252DD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: *V
                                                    • API String ID: 2854358121-156413045
                                                    • Opcode ID: f88867e2bcb8d8fc54274dcca1c66e59431358ea19778212644b656ea36b3077
                                                    • Instruction ID: 8f934a7a83e7d9d3ec8097fe5cc4cef9888806ed904e9016578986761edd16dc
                                                    • Opcode Fuzzy Hash: f88867e2bcb8d8fc54274dcca1c66e59431358ea19778212644b656ea36b3077
                                                    • Instruction Fuzzy Hash: 3801D239900526DBCB05EBA4D85AABE7FA1FFD6310F240908E4016B3D1DFB09E01DB91
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00525421
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0052542B
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0052547C
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0052549C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: *V
                                                    • API String ID: 2854358121-156413045
                                                    • Opcode ID: 49e4a32dab33bdcfab6ce7e72847e0789f337f85d3cac54a3fdbe883acc5ca5c
                                                    • Instruction ID: 995baf49085d64326566a56e7ebaff0276c03eae7370e54e555412aa6345f1e0
                                                    • Opcode Fuzzy Hash: 49e4a32dab33bdcfab6ce7e72847e0789f337f85d3cac54a3fdbe883acc5ca5c
                                                    • Instruction Fuzzy Hash: 4B010C7580052A9BCB01FBA4E84A6AEBFA5BFC6320F204509E4006B2D1DFB09E41CB91
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A61F
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A629
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051A67A
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A69A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: \*V
                                                    • API String ID: 2854358121-2005153327
                                                    • Opcode ID: a9e38db60537837547137c3904c7ebbc906a969cc32a5c881fc100a63090225b
                                                    • Instruction ID: 29c0ed7807def2af849e68e2d23766d3383fc259378ce59c443059a81e01657e
                                                    • Opcode Fuzzy Hash: a9e38db60537837547137c3904c7ebbc906a969cc32a5c881fc100a63090225b
                                                    • Instruction Fuzzy Hash: 3201C03590012A9BDB06EBA4C81AAFE7FA5BFC5314F240508E411AB2C1CFB49E45CB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A6B4
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A6BE
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051A70F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A72F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: 4*V
                                                    • API String ID: 2854358121-826322103
                                                    • Opcode ID: 720ab63965d667778a2040787864373cfb3ed823a278581872c78553383fbe0f
                                                    • Instruction ID: 44a37282f7c9a837bd96a01e2500780f42f22e85de865b0dd369be00143e0c1d
                                                    • Opcode Fuzzy Hash: 720ab63965d667778a2040787864373cfb3ed823a278581872c78553383fbe0f
                                                    • Instruction Fuzzy Hash: DB01AD359011269BDB05ABA4C81A6FE7FB1BFD5310F240509E401AB2C1DFB49E45D781
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051ADB0
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051ADBA
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AE0B
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AE2B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: P*V
                                                    • API String ID: 2854358121-2124336971
                                                    • Opcode ID: 8e74b8cba66f3b3c7a7ed6dde7991d0edc3458109b896ba29421bd3c63156c4a
                                                    • Instruction ID: 9363db1fd58e8549ab27dee8534b43bf950b075d7a5aab8b07ac2131c2b53a53
                                                    • Opcode Fuzzy Hash: 8e74b8cba66f3b3c7a7ed6dde7991d0edc3458109b896ba29421bd3c63156c4a
                                                    • Instruction Fuzzy Hash: 9001C0369001269BDB06EBA4D80A6EE7FA5BFC5310F240609F4116B2C1DFB09E45CB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AE45
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AE4F
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AEA0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AEC0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: 0*V
                                                    • API String ID: 2854358121-910754923
                                                    • Opcode ID: 169dce13473c14e773f15f24ac7e434c30e0bbfd6a74dab7685f31a348671dff
                                                    • Instruction ID: afb0d279f9aed56df66337514a1a35db31938d6f0e4fa1f47b77425cbe8ca192
                                                    • Opcode Fuzzy Hash: 169dce13473c14e773f15f24ac7e434c30e0bbfd6a74dab7685f31a348671dff
                                                    • Instruction Fuzzy Hash: FF01D6359001169BDB05EB64C8496FD7FB5BFC5314F240A09E4116B3D1CFB09E45CB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AEDA
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AEE4
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051AF35
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AF55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: T*V
                                                    • API String ID: 2854358121-2039965591
                                                    • Opcode ID: 26aedd0d377b1319f242afcb7bf6d74aedb6c075f524b2bf4d3a595b4264552c
                                                    • Instruction ID: c9b7d34623a71aeb8081125044faebd26b11590a7aa8e3be8ff0ee532f108ff1
                                                    • Opcode Fuzzy Hash: 26aedd0d377b1319f242afcb7bf6d74aedb6c075f524b2bf4d3a595b4264552c
                                                    • Instruction Fuzzy Hash: 3401C0799001269FDB15EBA4C85A6EEBFA1BFC5310F240508F4106B2C1CFB09E45DB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051B004
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051B00E
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051B05F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051B07F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID: t*V
                                                    • API String ID: 2854358121-1104814455
                                                    • Opcode ID: 630b5654c24133ffb100eaa8015b629136e440112d248bb2b9f26014183a069c
                                                    • Instruction ID: 009100e94244f326d65a1ec4dad4b468de683c8d0e03cbb020bf209beefc2a0e
                                                    • Opcode Fuzzy Hash: 630b5654c24133ffb100eaa8015b629136e440112d248bb2b9f26014183a069c
                                                    • Instruction Fuzzy Hash: EC01AD35900126DBEB15ABA4C80E6EEBFB1BFC9310F240508E510AB2C1CFB49E808B91
                                                    APIs
                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9052A7D0,?,?,00000000,0054C630,000000FF,?,00539C27,?,?,00539BFB,?), ref: 00539CCC
                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00539CDE
                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,0054C630,000000FF,?,00539C27,?,?,00539BFB,?), ref: 00539D00
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 21574a8b680421736dfbf3bc9db37822f1ebdf871297a59e319014f56b33c426
                                                    • Instruction ID: cf90293faca4d944dd2843a9ccd4da9cb3a9eef3150570889f65ebdbbce8fdda
                                                    • Opcode Fuzzy Hash: 21574a8b680421736dfbf3bc9db37822f1ebdf871297a59e319014f56b33c426
                                                    • Instruction Fuzzy Hash: F901A275944659AFDB119F54CC0ABEEBFB8FB05B15F004625E812A22D0DBB49804CB90
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A7DE
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A7E8
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • messages.LIBCPMT ref: 0051A822
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A859
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                    • String ID: `*V
                                                    • API String ID: 50917705-1526016731
                                                    • Opcode ID: 4351c459f5e0930f7076b9493764838235aa353c49c71e7663a001564996927e
                                                    • Instruction ID: 0d82fc3d8d91f1b83833e8387e63b99a5e4cde11a35aa0002e0f84ff97003a0e
                                                    • Opcode Fuzzy Hash: 4351c459f5e0930f7076b9493764838235aa353c49c71e7663a001564996927e
                                                    • Instruction Fuzzy Hash: 20F0903190011B6BEB05F7A0D86A7FE6F61BFC0314F244A18F4106B2D2DF749A85C741
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A873
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A87D
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • messages.LIBCPMT ref: 0051A8B7
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A8EE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                    • String ID: 8*V
                                                    • API String ID: 50917705-945444307
                                                    • Opcode ID: c7dd240113362f2c370ae254abc0d9ae36c4e2e0ba3ef99e3efb89fd4000d6e5
                                                    • Instruction ID: 7574306b0a183f40733634b60f54c64f262e0a7b06754b5e84934c35b9a481f4
                                                    • Opcode Fuzzy Hash: c7dd240113362f2c370ae254abc0d9ae36c4e2e0ba3ef99e3efb89fd4000d6e5
                                                    • Instruction Fuzzy Hash: 56F09031800117ABEB05F7A0C85ABFE2F64BFC1314F600518F4106B2C1DF749E868751
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AB5C
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AB66
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • moneypunct.LIBCPMT ref: 0051ABA0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051ABD7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3moneypunct
                                                    • String ID: p*V
                                                    • API String ID: 3160146232-1188268459
                                                    • Opcode ID: d5a45bf58d41e999d2740fe7c386ab042b59b3641f127a53baf67f05582a04c8
                                                    • Instruction ID: b2719b771ecbc580cb948909db7adb1d48005c205100ba1d14a3ee74ad2eca88
                                                    • Opcode Fuzzy Hash: d5a45bf58d41e999d2740fe7c386ab042b59b3641f127a53baf67f05582a04c8
                                                    • Instruction Fuzzy Hash: C3F05875900127ABEB06EBA0C82ABEE6F66BFC0304F440418E4006B2D2CFB89A44D791
                                                    APIs
                                                    • AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 00529471
                                                    • ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,005026C7,0056376C,0054DC00), ref: 005294A4
                                                    • WakeAllConditionVariable.KERNEL32(00562B60,?,?,005026C7,0056376C,0054DC00), ref: 005294AF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                    • String ID: d+V$l7V
                                                    • API String ID: 1466638765-1144989390
                                                    • Opcode ID: ee91185db4fc8a98af4cda0d8b9e3e61f195be5eab6fa4aabc4a7537fda41051
                                                    • Instruction ID: cbf8bede5d51ef4e930096b3de76669794aad7778215d9b952c1a8cffbd84f9d
                                                    • Opcode Fuzzy Hash: ee91185db4fc8a98af4cda0d8b9e3e61f195be5eab6fa4aabc4a7537fda41051
                                                    • Instruction Fuzzy Hash: 2DF06D78A44A50DFC718DF98E95EEA43BA8FB1A354B040429F945C3324CBB46844EBA8
                                                    APIs
                                                    • __alloca_probe_16.LIBCMT ref: 0053DC93
                                                    • __alloca_probe_16.LIBCMT ref: 0053DD54
                                                    • __freea.LIBCMT ref: 0053DDBB
                                                      • Part of subcall function 0053C99A: HeapAlloc.KERNEL32(00000000,?,?,?,0053C30A,?,00000000,?,0052DEB2,?,?,?,?,?,?,0050164E), ref: 0053C9CC
                                                    • __freea.LIBCMT ref: 0053DDD0
                                                    • __freea.LIBCMT ref: 0053DDE0
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                    • String ID:
                                                    • API String ID: 1096550386-0
                                                    • Opcode ID: a0ad090c9046a0fa6d4626e804199169218e4726398edfa39391cb4c275c7e07
                                                    • Instruction ID: 8bd16810b70d4b8db97d5601a9580e92c416ef404bca13323f719627d01d22e4
                                                    • Opcode Fuzzy Hash: a0ad090c9046a0fa6d4626e804199169218e4726398edfa39391cb4c275c7e07
                                                    • Instruction Fuzzy Hash: DB5181B260021AABEF215E64AC85EBB3FB9FF84350F150929FD05DB180EA75DC108670
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050C97D
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050C9A0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050C9C8
                                                    • std::_Facet_Register.LIBCPMT ref: 0050CA3D
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050CA71
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                    • String ID:
                                                    • API String ID: 459529453-0
                                                    • Opcode ID: b6d671c5a60f2955517b1ca6e1a5be6460af7208de0e4fda433bd7ccec5d5b55
                                                    • Instruction ID: 0ea241894e5a3c1c26d9128d72eec1ac7626a230c537180ce21ac4776c405478
                                                    • Opcode Fuzzy Hash: b6d671c5a60f2955517b1ca6e1a5be6460af7208de0e4fda433bd7ccec5d5b55
                                                    • Instruction Fuzzy Hash: 4641DD7190020ADFDB00DF58D848BAEBFB4FBA5324F184259E814A7391D770AE45DBA1
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050F36D
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050F390
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050F3B8
                                                    • std::_Facet_Register.LIBCPMT ref: 0050F42D
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050F461
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                    • String ID:
                                                    • API String ID: 459529453-0
                                                    • Opcode ID: d8a488d3e62f542c1790424ae338a70357dbd0b9ac279f0050d2f137392df102
                                                    • Instruction ID: 27985fb0df3435893109e1d167a1d6c3f049c10772a8e727b10bd63e51db7b15
                                                    • Opcode Fuzzy Hash: d8a488d3e62f542c1790424ae338a70357dbd0b9ac279f0050d2f137392df102
                                                    • Instruction Fuzzy Hash: B1419D7180024ADFDB11DF58D845BAEBFB4FB50324F25866AE810A73D1D770AE45CB91
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050EBAD
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050EBD0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050EBF8
                                                    • std::_Facet_Register.LIBCPMT ref: 0050EC6D
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050ECA1
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                    • String ID:
                                                    • API String ID: 459529453-0
                                                    • Opcode ID: 723510073d9f22668d81bb29fb7254a54810ae13ec75a5e982aba7ff79a3e140
                                                    • Instruction ID: 83d4510b4e576b7137eb7c48dee26c0ac3b84ef6d28aa7db2715ad3aa04f1bbf
                                                    • Opcode Fuzzy Hash: 723510073d9f22668d81bb29fb7254a54810ae13ec75a5e982aba7ff79a3e140
                                                    • Instruction Fuzzy Hash: 9741CEB1800246EFEB11DF58D845BAEBFB4FB90324F28455AE81067391D771AE44CB91
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050ECED
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050ED10
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050ED38
                                                    • std::_Facet_Register.LIBCPMT ref: 0050EDAD
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0050EDE1
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                    • String ID:
                                                    • API String ID: 459529453-0
                                                    • Opcode ID: 984b2048e9190526333e740cba2fa6beab8790c81e4bf52bb0e2430ee80a3ad9
                                                    • Instruction ID: 4e8c180355e6fc863f176f2f39bc1c3fde0339d332608f98137969e75b7a1ec5
                                                    • Opcode Fuzzy Hash: 984b2048e9190526333e740cba2fa6beab8790c81e4bf52bb0e2430ee80a3ad9
                                                    • Instruction Fuzzy Hash: 6A41BD72800246DFDB11DF58D845BAEBFB4FF51320F244A6AD81067391D770AE05DB91
                                                    APIs
                                                    • GetLastError.KERNEL32(00000010,00000010,?,00507B0B,?,?,?), ref: 00507E87
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                    • API String ID: 1452528299-1782174991
                                                    • Opcode ID: fa56a9bb2ff1023edff7816dfceff33c4baa08f23df4e6a1ef4b74f835e93edb
                                                    • Instruction ID: 5ff6f8c12809ce3f8d89dd4bdb723b151f1cdb4d99f1b3ee555d4ce27b4b451b
                                                    • Opcode Fuzzy Hash: fa56a9bb2ff1023edff7816dfceff33c4baa08f23df4e6a1ef4b74f835e93edb
                                                    • Instruction Fuzzy Hash: 50215949A20266C6CB701F38C410379AAE0FF58756F6518AFECC8D7390FA698C82C395
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Maklocstr$Maklocchr
                                                    • String ID:
                                                    • API String ID: 2020259771-0
                                                    • Opcode ID: 95454897d1a3b598ac3f07151e10d50380405c7a93c60fc1b64c7e13683e78f6
                                                    • Instruction ID: 23427c8abf8039e690c5114c7bbd3370ca4b3e3ad8b81fb15dd25f74ef055278
                                                    • Opcode Fuzzy Hash: 95454897d1a3b598ac3f07151e10d50380405c7a93c60fc1b64c7e13683e78f6
                                                    • Instruction Fuzzy Hash: 4411BCB1508749BBE320ABA89881FA3BBFCFF0C350F04055AF2458B641D364FC8587A4
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00525138
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00525142
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • messages.LIBCPMT ref: 0052517C
                                                    • std::_Facet_Register.LIBCPMT ref: 00525193
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 005251B3
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                    • String ID:
                                                    • API String ID: 2750803064-0
                                                    • Opcode ID: f01ad6f364fddae3b677489b117ab8ac577cc6265468f7c7710ba6f1691610de
                                                    • Instruction ID: 4ebe401b8e67db6300baa950ba15cb6e06ea9ab5778349aff6e66b4ac669ba36
                                                    • Opcode Fuzzy Hash: f01ad6f364fddae3b677489b117ab8ac577cc6265468f7c7710ba6f1691610de
                                                    • Instruction Fuzzy Hash: 8701C0359006269BCB05EBA4D84A7BE7FA1BFC6320F250508E4106B3D1DFB49E41D781
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A4F5
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A4FF
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • codecvt.LIBCPMT ref: 0051A539
                                                    • std::_Facet_Register.LIBCPMT ref: 0051A550
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A570
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                    • String ID:
                                                    • API String ID: 712880209-0
                                                    • Opcode ID: eecc36ae9595ef5e0016c9c5b87d20958d5ecaee925d18c5ca8ff1d02efb9e86
                                                    • Instruction ID: d37489724fb691e90a4e5897ba74ec37bdf6d98941a1c06332b24bcd25636e94
                                                    • Opcode Fuzzy Hash: eecc36ae9595ef5e0016c9c5b87d20958d5ecaee925d18c5ca8ff1d02efb9e86
                                                    • Instruction Fuzzy Hash: F201043690011A9BDB01EB64D8096ED7FA1BFC4310F210508E4016B2D1CFB09E85CB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A58A
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A594
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • codecvt.LIBCPMT ref: 0051A5CE
                                                    • std::_Facet_Register.LIBCPMT ref: 0051A5E5
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A605
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                    • String ID:
                                                    • API String ID: 712880209-0
                                                    • Opcode ID: 9670d246365fae791731cc47b739d27dae4b9baea7ba3968cb5947d0037f1e29
                                                    • Instruction ID: c2c18f737bf51a3a3d5bbea3cdd6e1a63eac664f717bc26e0d7bcab1016257a7
                                                    • Opcode Fuzzy Hash: 9670d246365fae791731cc47b739d27dae4b9baea7ba3968cb5947d0037f1e29
                                                    • Instruction Fuzzy Hash: D001D276D0012A9BEB05EB64C81AAEDBFA6BFC5314F254509F4116B3C1CFB09E80DB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00514C80
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                      • Part of subcall function 00508750: LocalAlloc.KERNEL32(00000040,00000000,00529F85,00000000,9052A7D0,?,00000000,?,00000000,?,0054DAF8,000000FF,?,005017B5,00000000,0054EDDA), ref: 00508756
                                                      • Part of subcall function 0050C460: __Getctype.LIBCPMT ref: 0050C4C2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$AllocGetctypeH_prolog3LocalLockit::_Lockit::~_
                                                    • String ID: (V$(V$(V
                                                    • API String ID: 3791111190-2931206075
                                                    • Opcode ID: 106a9a3d2caa5758d3fa2b74020e40e6f3b41cdd92a3d6829140ff97ee628b7d
                                                    • Instruction ID: 34b47d62c07cad00145dea0a2bcc07a85ba5fcba01839708c44b610d3bf5e111
                                                    • Opcode Fuzzy Hash: 106a9a3d2caa5758d3fa2b74020e40e6f3b41cdd92a3d6829140ff97ee628b7d
                                                    • Instruction Fuzzy Hash: 5451D5B5900217ABFB116B649C4AAFF7EADFF85314F105529F9146B281DF308D809BE1
                                                    APIs
                                                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 005061E5
                                                    • GetLastError.KERNEL32(?,?,?,000000FF,0054A89D,000000FF), ref: 0050629B
                                                      • Part of subcall function 00501FE0: FindResourceW.KERNEL32(00000000,?,00000006,?,00000000,0054A0BD,000000FF,?,80070057,?,00000000,?,00000010,?,00501B19,?), ref: 0050206C
                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,000000FF,0054A89D,000000FF), ref: 0050623F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: DirectoryErrorFindLastLibraryLoadResourceSystem
                                                    • String ID: ntdll.dll
                                                    • API String ID: 4113295189-2227199552
                                                    • Opcode ID: d52d23118ac56bfd52d56b7b64224afc8a04c66d03c4b0dffd9e4eb9b132730d
                                                    • Instruction ID: 018a67b3a4a3dcf497bd667ea17fd31e71f292be4a51108aa164e782fe1a4d13
                                                    • Opcode Fuzzy Hash: d52d23118ac56bfd52d56b7b64224afc8a04c66d03c4b0dffd9e4eb9b132730d
                                                    • Instruction Fuzzy Hash: A9418075A00209DFDB10DF68CD89BAEBBB4FF55310F14856AE815EB2C1DBB4A904CB51
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051E017
                                                      • Part of subcall function 00517D1A: _Maklocstr.LIBCPMT ref: 00517D3A
                                                      • Part of subcall function 00517D1A: _Maklocstr.LIBCPMT ref: 00517D57
                                                      • Part of subcall function 00517D1A: _Maklocstr.LIBCPMT ref: 00517D74
                                                      • Part of subcall function 00517D1A: _Maklocchr.LIBCPMT ref: 00517D86
                                                      • Part of subcall function 00517D1A: _Maklocchr.LIBCPMT ref: 00517D99
                                                    • _Mpunct.LIBCPMT ref: 0051E0A4
                                                    • _Mpunct.LIBCPMT ref: 0051E0BE
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                    • String ID: $+xv
                                                    • API String ID: 2939335142-1686923651
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Mpunct$H_prolog3
                                                    • String ID: $+xv
                                                    • API String ID: 4281374311-1686923651
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A908
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A912
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A983
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: d*V
                                                    • API String ID: 1383202999-1576829447
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A99D
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A9A7
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AA18
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: <*V
                                                    • API String ID: 1383202999-1062468879
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AA32
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AA3C
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AAAD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: h*V
                                                    • API String ID: 1383202999-1424391011
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051AAC7
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051AAD1
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051AB42
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                    • String ID: @*V
                                                    • API String ID: 1383202999-1656253499
                                                    APIs
                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0052DBF3,00000000,?,00562EF4,?,?,?,0052DD96,00000004,InitializeCriticalSectionEx,005512BC,InitializeCriticalSectionEx), ref: 0052DC4F
                                                    • GetLastError.KERNEL32(?,0052DBF3,00000000,?,00562EF4,?,?,?,0052DD96,00000004,InitializeCriticalSectionEx,005512BC,InitializeCriticalSectionEx,00000000,?,0052DB4D), ref: 0052DC59
                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0052DC81
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: LibraryLoad$ErrorLast
                                                    • String ID: api-ms-
                                                    • API String ID: 3177248105-2084034818
                                                    APIs
                                                    • AcquireSRWLockExclusive.KERNEL32(00562B64), ref: 00529446
                                                    • ReleaseSRWLockExclusive.KERNEL32(00562B64), ref: 00529453
                                                    • WakeAllConditionVariable.KERNEL32(00562B60), ref: 0052945E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireConditionReleaseVariableWake
                                                    • String ID: d+V
                                                    • API String ID: 1466638765-1156035398
                                                    APIs
                                                    • _strcspn.LIBCMT ref: 0050EEA1
                                                    • _strcspn.LIBCMT ref: 0050EEC5
                                                      • Part of subcall function 0050B4A0: LocalAlloc.KERNEL32(00000040,9052A7F4,9052A7D0,00000000,?,?,9052A7D0,00000001,?,?,?,?,9052A7D0,00000000,?), ref: 0050B527
                                                      • Part of subcall function 0050B4A0: LocalFree.KERNEL32(9052A7D0,?,?,?,00000000,?,?,9052A7D0,00000001,?,?,?,?,9052A7D0,00000000,?), ref: 0050B5F8
                                                    • LocalFree.KERNEL32(?), ref: 0050F2A5
                                                    • LocalFree.KERNEL32(?), ref: 0050F2F1
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Local$Free$_strcspn$Alloc
                                                    • String ID:
                                                    • API String ID: 3422560186-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _strcspn$H_prolog3_ctype
                                                    • String ID:
                                                    • API String ID: 838279627-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _strcspn$H_prolog3_ctype
                                                    • String ID:
                                                    • API String ID: 838279627-0
                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32(9052A7D0,?,00000000,?), ref: 0054756E
                                                      • Part of subcall function 0054044F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,0053DDB1,?,00000000,-00000008), ref: 005404FB
                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 005477C9
                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00547811
                                                    • GetLastError.KERNEL32 ref: 005478B4
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                    • String ID:
                                                    • API String ID: 2112829910-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: AdjustPointer
                                                    • String ID:
                                                    • API String ID: 1740715915-0
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,80000022,?,?,oCP,?,00000000,?), ref: 00504A3B
                                                    • LocalAlloc.KERNEL32(00000040,7FFFFFFF,?,?,oCP,?,00000000,?), ref: 00504A5B
                                                    • LocalFree.KERNEL32(00000000,?,oCP,?,00000000,?), ref: 00504AE0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Local$Alloc$Free
                                                    • String ID: oCP
                                                    • API String ID: 209276640-217389117
                                                    • Opcode ID: d2f393eb8d55aa9cecc4c1c68330ef50870ea707229821bcf169643340022675
                                                    • Instruction ID: 0be21f0f91d0ec22d1bacdd2628d38da77e2ef41ace071f1d03d7ebdf2ef1cce
                                                    • Opcode Fuzzy Hash: d2f393eb8d55aa9cecc4c1c68330ef50870ea707229821bcf169643340022675
                                                    • Instruction Fuzzy Hash: CF41C4B27002569BDB14DF6CD881A6EBBD6FB88350B140A39FA56C73C1DB30DD148BA5
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,0050436F,00000000,?), ref: 00504913
                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,0050436F,00000000,?), ref: 00504933
                                                    • LocalFree.KERNEL32(?,00000000,?), ref: 0050498D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Local$Alloc$Free
                                                    • String ID: oCP
                                                    • API String ID: 209276640-217389117
                                                    • Opcode ID: af2f0b6d2a745acdd01dc82e7400850fff8a77176f674f14dfdb5e1d054acdab
                                                    • Instruction ID: 1e3c6ecbf26795afb9ddb1a880bad680d5b48f4f9ef0abce8330d2b06aad69c7
                                                    • Opcode Fuzzy Hash: af2f0b6d2a745acdd01dc82e7400850fff8a77176f674f14dfdb5e1d054acdab
                                                    • Instruction Fuzzy Hash: 6E31E4B2A002119BD3189F389845A6FBBD9FB86360B250F39E622D72D4EA30DC008A51
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 32d9dde2756130b736d9dba3fc452094bc21446b429dbcb0fb16cd7d5d90c58d
                                                    • Instruction ID: 975b9bf9c4aa58df27c0dfb243960418476af875d6b3d6003855e92b3ad1a866
                                                    • Opcode Fuzzy Hash: 32d9dde2756130b736d9dba3fc452094bc21446b429dbcb0fb16cd7d5d90c58d
                                                    • Instruction Fuzzy Hash: CB219FB1604216AFDF20AF619C4596BBFACFF81364B108D14F92587281D7B0EC1287A0
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00508DCC,00000000,?,?,?,?,?,?,?,00000000,0054AFC5,000000FF), ref: 005092F7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                    • API String ID: 1452528299-1781106413
                                                    • Opcode ID: df722aeafa26a7d639b0d39622e162764c3fdba9344d84488c56e68c938dcef5
                                                    • Instruction ID: be39afc5d0befbf1745cf34e3e4b4f034bcb2fd93fae503cafffb1cfbe72fce9
                                                    • Opcode Fuzzy Hash: df722aeafa26a7d639b0d39622e162764c3fdba9344d84488c56e68c938dcef5
                                                    • Instruction Fuzzy Hash: 5321BE59A2026287CB341F6884112BDAAE0FF94705F64182FDCC9C73C1F67A8C81C795
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00514AEB
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00514AF5
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00514B9C
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00514BA7
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Concurrency::cancel_current_taskH_prolog3Lockit::_Lockit::~_
                                                    • String ID:
                                                    • API String ID: 4244582100-0
                                                    • Opcode ID: 2577c1a6a496580131fa7fd5010ceddcf5ae505b752029035d740c0e7129115f
                                                    • Instruction ID: 5f5bb017120127e045a53ada943a0f37efe7da194e722f51cd993ff03196a79c
                                                    • Opcode Fuzzy Hash: 2577c1a6a496580131fa7fd5010ceddcf5ae505b752029035d740c0e7129115f
                                                    • Instruction Fuzzy Hash: 94214C74A04616AFDB04EF14D895AADBBA5FF85310F008559E9169B391CF70ED50CF80
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005250A3
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005250AD
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 005250FE
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0052511E
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID:
                                                    • API String ID: 2854358121-0
                                                    • Opcode ID: 4ea1d45e47db92ddf9962f7529c967117bad2c5b82dcb5c743aef62a1682a33a
                                                    • Instruction ID: 7f1c424e3f31a5ba83bfc4b135f432195ea8c447876d7e94ac96f63f0d3f9ab8
                                                    • Opcode Fuzzy Hash: 4ea1d45e47db92ddf9962f7529c967117bad2c5b82dcb5c743aef62a1682a33a
                                                    • Instruction Fuzzy Hash: 4F01D2359005269BCB09EBA8E81ABBE7FA1BFC6310F244508E5106B3C1DFB49E05D780
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00514140
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051414A
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 0051419B
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 005141BB
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID:
                                                    • API String ID: 2854358121-0
                                                    • Opcode ID: d5496f0d953bebebfef5f3339388eb0fcb9ff090e6cf2680610294a910c81135
                                                    • Instruction ID: 8ca96d2f6ada1c39d5422621639c3f52f302aad43ef3810f276ede4e52c7c74f
                                                    • Opcode Fuzzy Hash: d5496f0d953bebebfef5f3339388eb0fcb9ff090e6cf2680610294a910c81135
                                                    • Instruction Fuzzy Hash: 6C01C03590022AABDB05EB64DC4A6EEBFB5BFD5320F250509E8106B2D1CF749E85DB80
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005251CD
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005251D7
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 00525228
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00525248
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID:
                                                    • API String ID: 2854358121-0
                                                    • Opcode ID: 4fd92882512455d147e6b5c1ab70a6d392c150da191762446a24d9b8c4e613fd
                                                    • Instruction ID: 25985d5738bb3870ea2ad79c7a7bf7f4ffa1f5d112b25bdea83cd6fe645e05ba
                                                    • Opcode Fuzzy Hash: 4fd92882512455d147e6b5c1ab70a6d392c150da191762446a24d9b8c4e613fd
                                                    • Instruction Fuzzy Hash: 5201C435900526DBCB05EBA4D8197AD7FA6BFC5310F244509E4116B3D1DFB49D05DB80
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 005254B6
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 005254C0
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • std::_Facet_Register.LIBCPMT ref: 00525511
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00525531
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                    • String ID:
                                                    • API String ID: 2854358121-0
                                                    • Opcode ID: ec961463778466379632cb2742f7512f147e10705ac06f98a775f2c4328014c4
                                                    • Instruction ID: fc6df3be92802c6e002c1fff44c949fb22439f246d880eadb93ff04f5a9a3f7e
                                                    • Opcode Fuzzy Hash: ec961463778466379632cb2742f7512f147e10705ac06f98a775f2c4328014c4
                                                    • Instruction Fuzzy Hash: A901C4359005269BCB05EB64E819ABD7FA1BFC6320F240908E4116B3D1DFB49E01D791
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051660B
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00516616
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00516684
                                                      • Part of subcall function 00516767: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0051677F
                                                    • std::locale::_Setgloballocale.LIBCPMT ref: 00516631
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                    • String ID:
                                                    • API String ID: 677527491-0
                                                    • Opcode ID: 20423b3ed5444f166c7cb97ddb35af51b5b10fd17158eb071d57879ed033a08c
                                                    • Instruction ID: 8def2b4b30c85dc443798caa5ca5a0580a2a449a486341491546965f81c91ed9
                                                    • Opcode Fuzzy Hash: 20423b3ed5444f166c7cb97ddb35af51b5b10fd17158eb071d57879ed033a08c
                                                    • Instruction Fuzzy Hash: 2501B175A012129BE705AB24D84A9BC7FA5FFD6344F044048E801173C1CF746E86DBC1
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 0051A749
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0051A753
                                                      • Part of subcall function 0050C090: std::_Lockit::_Lockit.LIBCPMT ref: 0050C0C0
                                                      • Part of subcall function 0050C090: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C0E8
                                                    • ctype.LIBCPMT ref: 0051A78D
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0051A7C4
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
                                                    • String ID:
                                                    • API String ID: 3358926169-0
                                                    • Opcode ID: b49450b6da73101ffb2d64db86a011834bbbae49435d9fd53e13df358d287299
                                                    • Instruction ID: 5198338c76e7c13d6fd6661a3b60b2fa5a899a0c90ebf2292a7b760552366125
                                                    • Opcode Fuzzy Hash: b49450b6da73101ffb2d64db86a011834bbbae49435d9fd53e13df358d287299
                                                    • Instruction Fuzzy Hash: 43F0903190021B6BEB05FB60D85A7FE2F60FFC0314F600608F5106B2C1DF749A858781
                                                    APIs
                                                    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,005487C3,?,00000001,?,?,?,00547908,?,?,00000000), ref: 0054965E
                                                    • GetLastError.KERNEL32(?,005487C3,?,00000001,?,?,?,00547908,?,?,00000000,?,?,?,00547E8F,?), ref: 0054966A
                                                      • Part of subcall function 00549630: CloseHandle.KERNEL32(FFFFFFFE,0054967A,?,005487C3,?,00000001,?,?,?,00547908,?,?,00000000,?,?), ref: 00549640
                                                    • ___initconout.LIBCMT ref: 0054967A
                                                      • Part of subcall function 005495F1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00549620,005487B0,?,?,00547908,?,?,00000000,?), ref: 00549604
                                                    • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,005487C3,?,00000001,?,?,?,00547908,?,?,00000000,?), ref: 0054968F
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                    • String ID:
                                                    • API String ID: 2744216297-0
                                                    • Opcode ID: adf44949547d93ade6b70e3daac1a2d4ee25a5697b76e99d7beb21d8c505a0bd
                                                    • Instruction ID: 9f990815b092678a03c1da2bdd583f1a51ece3be6929695aa2bce57d50a15caa
                                                    • Opcode Fuzzy Hash: adf44949547d93ade6b70e3daac1a2d4ee25a5697b76e99d7beb21d8c505a0bd
                                                    • Instruction Fuzzy Hash: 88F0303A401126BBCF222FD5DC0A9DE3F66FF993A4F054010FE198A130DA728924EB91
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3___cftoe
                                                    • String ID: !%x
                                                    • API String ID: 855520168-1893981228
                                                    • Opcode ID: dcc97759ac9583fa8bcb7cd17cb68b5f228e3d06db31e6e18c15cfbfa6816b65
                                                    • Instruction ID: e827bbc1490da1a9c13bf82e96c26ccfdfeac1e011606533c616f10ceb373955
                                                    • Opcode Fuzzy Hash: dcc97759ac9583fa8bcb7cd17cb68b5f228e3d06db31e6e18c15cfbfa6816b65
                                                    • Instruction Fuzzy Hash: 48716A71E00219ABDF18EFA8E885AEEBBB5FF49304F104429F415A7291EB35AD41CF50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3___cftoe
                                                    • String ID: !%x
                                                    • API String ID: 855520168-1893981228
                                                    • Opcode ID: 991176733f61b88d5b48a0b8bac3d16ce9820df3ebd714394534fdfad6f6391e
                                                    • Instruction ID: 6e1001d112c48efe7f5bbec6e521a60a0e401ebe573c2340437584ecce22bc95
                                                    • Opcode Fuzzy Hash: 991176733f61b88d5b48a0b8bac3d16ce9820df3ebd714394534fdfad6f6391e
                                                    • Instruction Fuzzy Hash: B8717F71E01229AFDF04DFA4E880AEEBBB5FF49304F144529F855A7382E631AD45CB90
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 00523697
                                                    • _swprintf.LIBCMT ref: 0052370F
                                                      • Part of subcall function 0051A742: __EH_prolog3.LIBCMT ref: 0051A749
                                                      • Part of subcall function 0051A742: std::_Lockit::_Lockit.LIBCPMT ref: 0051A753
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3H_prolog3_LockitLockit::__swprintfstd::_
                                                    • String ID: %.0Lf
                                                    • API String ID: 3614004578-1402515088
                                                    • Opcode ID: 84ebc2482df9e808f0dc75d2f52388394f3be403043370a9dc93b08635529ec9
                                                    • Instruction ID: 869a5af61718b9c579c2f3ae7fd3ce9d69cda50af4c840b94241468fdc8c4d3a
                                                    • Opcode Fuzzy Hash: 84ebc2482df9e808f0dc75d2f52388394f3be403043370a9dc93b08635529ec9
                                                    • Instruction Fuzzy Hash: D2618C71D00219ABDF05DFE4D845AEDBFB9FF49300F10451AE502AB295EB39AA45CB90
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 005239C7
                                                    • _swprintf.LIBCMT ref: 00523A3F
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8BD
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8E0
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B908
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B9B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                    • String ID: %.0Lf
                                                    • API String ID: 1487807907-1402515088
                                                    • Opcode ID: 3d11c3dd06a3e42e452b1d6c35f44cd2db5e2cd4bb51385340b55ec3e8864c73
                                                    • Instruction ID: abf5ae82b4ed0feedbc6947e77e50d56e78b43d70ac2445f3b4761ad1971eb1b
                                                    • Opcode Fuzzy Hash: 3d11c3dd06a3e42e452b1d6c35f44cd2db5e2cd4bb51385340b55ec3e8864c73
                                                    • Instruction Fuzzy Hash: DD618C71D00219ABCF05EFE4D845AEDBFB9FF49300F10851AE542AB295EB399A45CF90
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 005281B7
                                                    • _swprintf.LIBCMT ref: 0052822F
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C97D
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C9A0
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C9C8
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050CA71
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                    • String ID: %.0Lf
                                                    • API String ID: 1487807907-1402515088
                                                    • Opcode ID: fb3bbd72d511429af3543b640c9c84ac3875f42d67002f6ff8c1a46122879a46
                                                    • Instruction ID: bf617cd6ce75538dceef5e9b8c5a1f1c860100781a8cb1ae1154e05a4fc4ac9f
                                                    • Opcode Fuzzy Hash: fb3bbd72d511429af3543b640c9c84ac3875f42d67002f6ff8c1a46122879a46
                                                    • Instruction Fuzzy Hash: 94617C71D00219EBCF05DFE4D889AEDBBB9FF49300F204919E816AB295EB359954CF50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: __aulldiv
                                                    • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                    • API String ID: 3732870572-1956417402
                                                    • Opcode ID: e1a0c5c02a433f8f75fefd66df207385e7968377e97615c2df52e18fec5e5853
                                                    • Instruction ID: 4671301df5052eca117159e6103223e6388335b30eb6783c38105200a3717815
                                                    • Opcode Fuzzy Hash: e1a0c5c02a433f8f75fefd66df207385e7968377e97615c2df52e18fec5e5853
                                                    • Instruction Fuzzy Hash: 5D51F330A062695ACF25CEE9A4817BEBFF5BF47320F18446BE491D72C1CB749981CB51
                                                    APIs
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0051002C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Concurrency::cancel_current_task
                                                    • String ID: false$true
                                                    • API String ID: 118556049-2658103896
                                                    • Opcode ID: 495aadb49d067bb65ee681e6d6286a1ffd9778847ff4b4ac761f9560121803b7
                                                    • Instruction ID: 58cb9c450a116eed4c962b2c8ec9db2b6dc9a2ba7a69af8d37640f833f195aae
                                                    • Opcode Fuzzy Hash: 495aadb49d067bb65ee681e6d6286a1ffd9778847ff4b4ac761f9560121803b7
                                                    • Instruction Fuzzy Hash: 9E51A4B1D003489FDB10DFA4C845BEEBBB8FF49314F14826AE845A7281E775AA85CB51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: \\?\$\\?\UNC\
                                                    • API String ID: 0-3019864461
                                                    • Opcode ID: 1ecfb648c83e8c4ca24854457544878361f5b4e582d4495e04543803a1af8b0f
                                                    • Instruction ID: 57e16764dd58918a74ffbdc0c917929065eeeca485a782794fcd9bdc3d1065ca
                                                    • Opcode Fuzzy Hash: 1ecfb648c83e8c4ca24854457544878361f5b4e582d4495e04543803a1af8b0f
                                                    • Instruction Fuzzy Hash: 4351AFB0E00205DBDB24DF68C949BAEBBF4FF99304F10491EE445A76C5DB75A988CB90
                                                    APIs
                                                    • EncodePointer.KERNEL32(00000000,?), ref: 0052D20B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: EncodePointer
                                                    • String ID: MOC$RCC
                                                    • API String ID: 2118026453-2084237596
                                                    • Opcode ID: b369040939cb93e43dc37891ecbd202abb432a1d21e98d1892ad992d2be1f669
                                                    • Instruction ID: fc8c718b623b4414c65c78bff9c0968ae8fae1b3de8e8a549d2eb19c32243f8d
                                                    • Opcode Fuzzy Hash: b369040939cb93e43dc37891ecbd202abb432a1d21e98d1892ad992d2be1f669
                                                    • Instruction Fuzzy Hash: 2F41753290021AEFCF15CF98ED81AEEBFB5BF4A300F144459FA04A62A2D335D950DB61
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 00528087
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C97D
                                                      • Part of subcall function 0050C950: std::_Lockit::_Lockit.LIBCPMT ref: 0050C9A0
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050C9C8
                                                      • Part of subcall function 0050C950: std::_Lockit::~_Lockit.LIBCPMT ref: 0050CA71
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_
                                                    • String ID: 0123456789-$0123456789-
                                                    • API String ID: 2088892359-2494171821
                                                    • Opcode ID: 1dd2471b0af0496527f58922223bd83fe039abbed001d2330c0c036dc12a0865
                                                    • Instruction ID: 196ba38f30add004b703c55e6406544ce2dc8d28e6c42a8749b719f8b7d04963
                                                    • Opcode Fuzzy Hash: 1dd2471b0af0496527f58922223bd83fe039abbed001d2330c0c036dc12a0865
                                                    • Instruction Fuzzy Hash: 5D415A319011299FCF05EFA4E8959EEBFB5BF4A310F10005AF811AB2D2DB30AE56DB54
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 00523567
                                                      • Part of subcall function 0051A742: __EH_prolog3.LIBCMT ref: 0051A749
                                                      • Part of subcall function 0051A742: std::_Lockit::_Lockit.LIBCPMT ref: 0051A753
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3H_prolog3_LockitLockit::_std::_
                                                    • String ID: %.0Lf$0123456789-
                                                    • API String ID: 79917597-3094241602
                                                    • Opcode ID: d541cbfdf04509e66158999ef69a2f324004dc12a8f9a30e125d3f4f2cc2452d
                                                    • Instruction ID: e575e777a9de343c0d2ef6dbaf259273ea08f25dd4437717515ce5a2fe966a34
                                                    • Opcode Fuzzy Hash: d541cbfdf04509e66158999ef69a2f324004dc12a8f9a30e125d3f4f2cc2452d
                                                    • Instruction Fuzzy Hash: C4417B31D00129EFCF15EFA8D9859EDBFB5BF4A314F10005AE815AB291DB34AE56CB50
                                                    APIs
                                                    • __EH_prolog3_GS.LIBCMT ref: 00523897
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8BD
                                                      • Part of subcall function 0050B890: std::_Lockit::_Lockit.LIBCPMT ref: 0050B8E0
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B908
                                                      • Part of subcall function 0050B890: std::_Lockit::~_Lockit.LIBCPMT ref: 0050B9B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_
                                                    • String ID: 0123456789-$0123456789-
                                                    • API String ID: 2088892359-2494171821
                                                    • Opcode ID: b17994a86d506b952498df8d293163ddb7aff008f05bbd52b1bdeb707de6de61
                                                    • Instruction ID: 32e0c1c991a6930f407041391988a3569a425781a9f15a467d8baff6c8e8dd83
                                                    • Opcode Fuzzy Hash: b17994a86d506b952498df8d293163ddb7aff008f05bbd52b1bdeb707de6de61
                                                    • Instruction Fuzzy Hash: 5F418A71900129DFCF15EFA8D8859EEBFB5FF4A310F10005AE911AB291DB749E96CB50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _swprintf
                                                    • String ID: %$+
                                                    • API String ID: 589789837-2626897407
                                                    • Opcode ID: 6bab7b87832af8740557d58653e72b569bed695b049b880c914926ccc21de030
                                                    • Instruction ID: 6705a6552241d90653cba9e52fc1baff487a73d39c1b5e6a45fc76186c5b8c37
                                                    • Opcode Fuzzy Hash: 6bab7b87832af8740557d58653e72b569bed695b049b880c914926ccc21de030
                                                    • Instruction Fuzzy Hash: 4A2144721082858FD711CF48CC89BAFBFE9BF89314F088519F99547292C734D918CBA2
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _swprintf
                                                    • String ID: %$+
                                                    • API String ID: 589789837-2626897407
                                                    • Opcode ID: e125f9ce35ce2fb1e24c626d3c9edccb47586e5d81ffa4860d51209551f876c0
                                                    • Instruction ID: cac4f980446ec9d4791349ccc2e5d64662546c8b36ce5bad1ccf4df90fb40a49
                                                    • Opcode Fuzzy Hash: e125f9ce35ce2fb1e24c626d3c9edccb47586e5d81ffa4860d51209551f876c0
                                                    • Instruction Fuzzy Hash: 172103311083449BD721CE68CC85B9FBBE9BBC5314F14891DF88587281C674D9098BB2
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: _swprintf
                                                    • String ID: %$+
                                                    • API String ID: 589789837-2626897407
                                                    • Opcode ID: 6b3310864630b518aa113ed0583a8e484b400d4e2d87182d3568456959c529ff
                                                    • Instruction ID: a9eab5af273622761126e184653dc255ae82849118535f172861be4d225abec0
                                                    • Opcode Fuzzy Hash: 6b3310864630b518aa113ed0583a8e484b400d4e2d87182d3568456959c529ff
                                                    • Instruction Fuzzy Hash: 2421D3721083449BE711CF68C845B9FBBEABBD5314F18891DF98587281C6B5D909C7B2
                                                    APIs
                                                    • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 005083A6
                                                    • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,9052A7D0), ref: 00508415
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ConvertFreeLocalString
                                                    • String ID: Invalid SID
                                                    • API String ID: 3201929900-130637731
                                                    • Opcode ID: e5937c93b439da7e25494c80ac9c5b2a1e148f14ca75889fe9f46bc413b3864a
                                                    • Instruction ID: 76eea40eedf7f89937f3da5c96f1d65b6ae9004ef8e247c60ab69a94d1ce1f10
                                                    • Opcode Fuzzy Hash: e5937c93b439da7e25494c80ac9c5b2a1e148f14ca75889fe9f46bc413b3864a
                                                    • Instruction Fuzzy Hash: 5F219F74A006059BDB10DF58C819BFFBBB8FF84708F14464EE901A7380DBB55A448BD0
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0050C51B
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0050C57E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                    • String ID: bad locale name
                                                    • API String ID: 3988782225-1405518554
                                                    • Opcode ID: 6f68cf78b65f546aadc00411e6243c51fab9bcbf603c2c75f15b5cfc3d315ee8
                                                    • Instruction ID: 5ae593c3b3928b46a9d5c08adf4e0085f7335f90c5b24c364e75134f4c692b47
                                                    • Opcode Fuzzy Hash: 6f68cf78b65f546aadc00411e6243c51fab9bcbf603c2c75f15b5cfc3d315ee8
                                                    • Instruction Fuzzy Hash: 96218170805784DED721CF68C90478BBFE4EB15714F14865ED49597781D3B9A604C7A1
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: H_prolog3_
                                                    • String ID: false$true
                                                    • API String ID: 2427045233-2658103896
                                                    • Opcode ID: ca5d180aa8107f2c3b7b811e088f5bf729452b58c0bcec531c2c8606cacece37
                                                    • Instruction ID: f25d899849c13be8f902b34312d184fa274e7a542a6146c06725d05f4c713214
                                                    • Opcode Fuzzy Hash: ca5d180aa8107f2c3b7b811e088f5bf729452b58c0bcec531c2c8606cacece37
                                                    • Instruction Fuzzy Hash: E511AC75940741AED721EFB4D801ACABFE4BF4A300F04891BF0A5CB291EB74A548CB50
                                                    APIs
                                                    • AcquireSRWLockExclusive.KERNEL32(00562B64,?,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17), ref: 005294C3
                                                    • ReleaseSRWLockExclusive.KERNEL32(00562B64,?,?,00502656,0056376C,9052A7D0,?,?,0054A13D,000000FF,?,00501A17,?,?,?,9052A7D0), ref: 005294FD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: d+V
                                                    • API String ID: 17069307-1156035398
                                                    • Opcode ID: 4386d0c7ff826b71c314de3c6e9aa063e1088d0f5a667feffcb2634e02cddf52
                                                    • Instruction ID: 89cb6a31f88bbfa592b344316f71e16652f573a129a9e18303aaa15a98f82afa
                                                    • Opcode Fuzzy Hash: 4386d0c7ff826b71c314de3c6e9aa063e1088d0f5a667feffcb2634e02cddf52
                                                    • Instruction Fuzzy Hash: C4F0A735600521CFCB24AF18E844A747FB4FF97335F10062EE855833E0C7701886DAA1
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,80000022,?,?,?,00000000,?,?,00000000,?), ref: 00504BD7
                                                    • LocalAlloc.KERNEL32(00000040,7FFFFFFF,?,?,?,00000000,?,?,00000000,?), ref: 00504BF7
                                                    • LocalFree.KERNEL32(7FFFFFFE,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00504C7D
                                                    • LocalFree.KERNEL32(00000000,9052A7D0,00000000,00000000,00549FF0,000000FF,?,?,00000000,?,?,00000000,?), ref: 00504CFD
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.2007004704.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                    • Associated: 00000004.00000002.2006961318.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007232796.000000000054E000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007315682.0000000000561000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000004.00000002.2007348990.0000000000565000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_500000_MSI460B.jbxd
                                                    Similarity
                                                    • API ID: Local$AllocFree
                                                    • String ID:
                                                    • API String ID: 2012307162-0
                                                    • Opcode ID: 30098908c6234541726ea4256effca94d0d6e90ba1e98b4e4ca3e65e2c73bc9e
                                                    • Instruction ID: 18992ce7c2e1b2b6d22624d5e9b7ddad9ad6dde43c97da5e98d5f92eef2893ac
                                                    • Opcode Fuzzy Hash: 30098908c6234541726ea4256effca94d0d6e90ba1e98b4e4ca3e65e2c73bc9e
                                                    • Instruction Fuzzy Hash: 6351E1B26042159FD714AF28D885A6EBBE9FB89310F440A2AF915D73D1DB30ED04CB91

                                                    Execution Graph

                                                    Execution Coverage:1.9%
                                                    Dynamic/Decrypted Code Coverage:18%
                                                    Signature Coverage:2.7%
                                                    Total number of Nodes:934
                                                    Total number of Limit Nodes:86
54321 100dba5 54317->54321 54349 fdb800 SetErrorMode 54318->54349 54346 10162e0 SetErrorMode 54320->54346 54345 fdb800 SetErrorMode 54321->54345 54322 100dc39 54324 100d640 SetErrorMode 54322->54324 54328 100dc47 54324->54328 54327 100dbb3 54330 100d640 SetErrorMode 54327->54330 54328->54263 54329 100dc05 54347 fdb800 SetErrorMode 54329->54347 54332 100dbc5 54330->54332 54332->54263 54333 100dc13 54334 100dc25 54333->54334 54348 100fd00 SetErrorMode 54333->54348 54334->54263 54336->54263 54337->54263 54338->54257 54339->54285 54340->54289 54341->54302 54342->54309 54343->54314 54344->54315 54345->54327 54346->54329 54347->54333 54348->54334 54349->54322 54350->54275 54351->54277 54352->54279 54353->54280 54354 1015160 54355 101516a 54354->54355 54355->54354 54358 10151c7 54355->54358 54360 1003f20 54355->54360 54357 1003d20 SetErrorMode 54359 101521a 54357->54359 54358->54357 54361 1003bc0 SetErrorMode 54360->54361 54362 1003f76 54361->54362 54362->54358 54363 101cc60 54364 101cc72 54363->54364 54364->54363 54365 1007dc0 SetErrorMode 54364->54365 54367 1008640 SetErrorMode 54364->54367 54368 101d031 54364->54368 54369 101cfe6 54364->54369 54375 1006320 SetErrorMode 54364->54375 54396 10084c0 SetErrorMode 54364->54396 54399 1008000 SetErrorMode 54364->54399 54401 1029720 SetErrorMode 54364->54401 54406 10085c0 SetErrorMode 54364->54406 54407 1007e20 SetErrorMode 54364->54407 54438 1008380 SetErrorMode 54364->54438 54439 1020ac0 SetErrorMode 54364->54439 54365->54364 54367->54364 54376 101d06f 54368->54376 54428 1021900 SetErrorMode 54368->54428 54370 101cffb 54369->54370 54425 101d920 SetErrorMode 54369->54425 54374 101d01e 54370->54374 54426 1010be0 SetErrorMode 54370->54426 54373 101d142 54403 101d18a 54373->54403 54431 1007dc0 SetErrorMode 54373->54431 54427 10107e0 SetErrorMode 54374->54427 54375->54364 54376->54373 54377 101d0cd 54376->54377 54429 100aca0 SetErrorMode 54377->54429 54381 1007dc0 SetErrorMode 54381->54403 54383 101d154 54432 1008640 SetErrorMode 
54383->54432 54384 101d0e9 54408 101c820 54384->54408 54388 101d165 54433 1008380 SetErrorMode 54388->54433 54393 101d171 54434 1008640 SetErrorMode 54393->54434 54394 101d112 54396->54364 54397 101d185 54435 1007e20 SetErrorMode 54397->54435 54399->54364 54400 1008640 SetErrorMode 54400->54403 54401->54364 54402 10084c0 SetErrorMode 54402->54403 54403->54381 54403->54400 54403->54402 54404 1007e20 SetErrorMode 54403->54404 54436 1006320 SetErrorMode 54403->54436 54437 1008380 SetErrorMode 54403->54437 54404->54403 54406->54364 54407->54364 54409 101c82f 54408->54409 54409->54408 54410 101c852 54409->54410 54411 1006320 SetErrorMode 54409->54411 54412 101bb40 SetErrorMode 54410->54412 54411->54409 54413 101c905 54412->54413 54414 101c97a 54413->54414 54417 101c9ad 54413->54417 54444 1006320 SetErrorMode 54413->54444 54445 101c6c0 SetErrorMode 54414->54445 54440 1027ce0 SetErrorMode 54417->54440 54420 101caf6 54424 101cb1c 54420->54424 54441 101c320 SetErrorMode 54420->54441 54442 1028320 SetErrorMode 54420->54442 54423 101cb51 54430 100aca0 SetErrorMode 54423->54430 54443 101be20 SetErrorMode 54424->54443 54425->54370 54426->54374 54427->54368 54428->54376 54429->54384 54430->54394 54431->54383 54432->54388 54433->54393 54434->54397 54435->54403 54436->54403 54437->54403 54438->54364 54439->54364 54440->54420 54441->54420 54442->54420 54443->54423 54444->54414 54445->54417 54490 25f7d900000 54491 25f7d900021 SleepEx 54490->54491 54493 25f7d9000de 54491->54493 54446 1032d00 54447 1032d20 54446->54447 54450 1039b40 54447->54450 54449 1032e69 54453 1012580 54450->54453 54454 1012586 54453->54454 54454->54453 54455 1032fa0 SetErrorMode 54454->54455 54456 10125cb 54455->54456 54456->54449 54457 1032f20 54458 1032f54 54457->54458 54459 1032f4f 54457->54459 54466 10105c0 54458->54466 54480 1009720 SetErrorMode 54459->54480 54467 10105ca 54466->54467 54467->54466 54482 100aca0 SetErrorMode 54467->54482 54469 1010618 54474 1010645 54469->54474 54483 1026820 SetErrorMode 
54469->54483 54471 10107a7 54472 1010120 SetErrorMode 54471->54472 54473 10107ac 54472->54473 54481 1009760 SetErrorMode 54473->54481 54474->54471 54484 100aca0 SetErrorMode 54474->54484 54476 101073d 54477 101075b 54476->54477 54485 1026960 SetErrorMode 54476->54485 54479 100e1e0 SetErrorMode 54477->54479 54479->54471 54482->54469 54483->54474 54484->54476 54485->54477 54486 25f7cbbc3b8 54488 25f7cbbc3ef _DllMainCRTStartup 54486->54488 54487 25f7cbbc492 VirtualProtect 54489 25f7cbbc486 54487->54489 54488->54487 54488->54489 54494 25f7cbc0b48 54495 25f7cbc0b64 _DllMainCRTStartup 54494->54495 54496 25f7cbc0bf4 54495->54496 54503 25f7cbc0bbe 54495->54503 54506 25f7cbc09e8 54495->54506 54496->54503 54537 25f7cbb83e0 54496->54537 54498 25f7cbc0c12 54500 25f7cbc0c3b 54498->54500 54502 25f7cbb83e0 _DllMainCRTStartup 16 API calls 54498->54502 54501 25f7cbc09e8 _CRT_INIT 3 API calls 54500->54501 54500->54503 54501->54503 54504 25f7cbc0c2e 54502->54504 54505 25f7cbc09e8 _CRT_INIT 3 API calls 54504->54505 54505->54500 54507 25f7cbc0a77 54506->54507 54510 25f7cbc09fa _heap_init 54506->54510 54508 25f7cbc0acd 54507->54508 54512 25f7cbc0a7b _CRT_INIT 54507->54512 54509 25f7cbc0b30 54508->54509 54515 25f7cbc0ad2 _freeptd 54508->54515 54529 25f7cbc0a03 _CRT_INIT _mtterm 54509->54529 54567 25f7cbc4808 RtlAllocateHeap RtlAllocateHeap _freeptd _freefls 54509->54567 54510->54529 54547 25f7cbc49b0 2 API calls 6 library calls 54510->54547 54512->54529 54559 25f7cbbef6c RtlAllocateHeap RtlAllocateHeap free 54512->54559 54515->54529 54561 25f7cbc3728 54515->54561 54516 25f7cbc0aa3 54516->54529 54560 25f7cbc716c RtlAllocateHeap RtlAllocateHeap free 54516->54560 54519 25f7cbc0a0f _RTC_Initialize 54519->54529 54548 25f7cbc837c RtlAllocateHeap RtlAllocateHeap free _malloc_crt 54519->54548 54520 25f7cbc0aef _freeptd 54522 25f7cbc0b26 54520->54522 54523 25f7cbc0b10 54520->54523 54520->54529 54566 25f7cbbe244 RtlAllocateHeap RtlAllocateHeap _errno free 54522->54566 54565 25f7cbc48ec 
RtlAllocateHeap RtlAllocateHeap _freefls _lock __addlocaleref 54523->54565 54525 25f7cbc0a31 54549 25f7cbc6e40 54525->54549 54528 25f7cbc0a3d 54528->54529 54558 25f7cbc7ee0 RtlAllocateHeap RtlAllocateHeap __initmbctable parse_cmdline 54528->54558 54529->54496 54538 25f7cbb84bb 54537->54538 54542 25f7cbb8402 _DllMainCRTStartup 54537->54542 54633 25f7cbba47c 54538->54633 54540 25f7cbb8407 _DllMainCRTStartup 54540->54498 54542->54540 54543 25f7cbb8465 _DllMainCRTStartup 54542->54543 54645 25f7cbbc2ec 54542->54645 54581 25f7cbaba74 54543->54581 54546 25f7cbbc2ec _DllMainCRTStartup VirtualFree 54546->54543 54547->54519 54548->54525 54568 25f7cbc2d8c 54549->54568 54551 25f7cbc6e6f 54552 25f7cbc3728 _calloc_crt RtlAllocateHeap RtlAllocateHeap 54551->54552 54557 25f7cbc6e83 54552->54557 54553 25f7cbc6e93 _ioinit _freefls 54553->54528 54554 25f7cbc3728 _calloc_crt RtlAllocateHeap RtlAllocateHeap 54554->54557 54555 25f7cbc70ce GetFileType 54556 25f7cbc6f74 54555->54556 54556->54553 54556->54555 54557->54553 54557->54554 54557->54556 54559->54516 54560->54529 54564 25f7cbc374d 54561->54564 54563 25f7cbc378a 54563->54520 54564->54563 54573 25f7cbc8cec 54564->54573 54565->54529 54566->54529 54567->54529 54569 25f7cbc2daf 54568->54569 54570 25f7cbc2daa 54568->54570 54572 25f7cbc2e58 2 API calls 7 library calls 54570->54572 54572->54569 54574 25f7cbc8d01 54573->54574 54578 25f7cbc8d1e _callnewh 54573->54578 54575 25f7cbc8d0f 54574->54575 54574->54578 54580 25f7cbc0d18 RtlAllocateHeap RtlAllocateHeap _getptd_noexit 54575->54580 54577 25f7cbc8d36 RtlAllocateHeap 54577->54578 54579 25f7cbc8d14 54577->54579 54578->54577 54578->54579 54579->54564 54580->54579 54649 25f7cbb4fec 54581->54649 54583 25f7cbaba92 _DllMainCRTStartup 54656 25f7cbbe284 54583->54656 54585 25f7cbabb40 54668 25f7cbbb230 2 API calls 4 library calls 54585->54668 54587 25f7cbabb87 54669 25f7cbb24a0 RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54587->54669 54589 25f7cbabb94 54670 25f7cbbdaa8 RtlAllocateHeap 
RtlAllocateHeap setSBCS malloc realloc 54589->54670 54591 25f7cbabbb5 54671 25f7cbbdaa8 RtlAllocateHeap RtlAllocateHeap setSBCS malloc realloc 54591->54671 54593 25f7cbabbcf _DllMainCRTStartup 54595 25f7cbabbdd _DllMainCRTStartup 54593->54595 54685 25f7cbbca74 VirtualFree VirtualProtect RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54593->54685 54596 25f7cbabbf9 54595->54596 54686 25f7cbbca74 VirtualFree VirtualProtect RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54595->54686 54672 25f7cbae1f8 RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54596->54672 54599 25f7cbabc05 54600 25f7cbabc0e 54599->54600 54687 25f7cbbca74 VirtualFree VirtualProtect RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54599->54687 54673 25f7cbae274 2 API calls 5 library calls 54600->54673 54603 25f7cbabc13 54605 25f7cbabc1c 54603->54605 54688 25f7cbbca74 VirtualFree VirtualProtect RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54603->54688 54606 25f7cbbe284 malloc 2 API calls 54605->54606 54607 25f7cbabc4f 54606->54607 54608 25f7cbabc5c 54607->54608 54689 25f7cbbca74 VirtualFree VirtualProtect RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54607->54689 54674 25f7cbbdaa8 RtlAllocateHeap RtlAllocateHeap setSBCS malloc realloc 54608->54674 54611 25f7cbabc78 54675 25f7cbb4c60 54611->54675 54634 25f7cbb4fec _DllMainCRTStartup 2 API calls 54633->54634 54635 25f7cbba4a0 setSBCS _DllMainCRTStartup 54634->54635 54636 25f7cbbe284 malloc 2 API calls 54635->54636 54637 25f7cbba52d setSBCS 54636->54637 54721 25f7cbbdaa8 RtlAllocateHeap RtlAllocateHeap setSBCS malloc realloc 54637->54721 54639 25f7cbba55e _DllMainCRTStartup 54641 25f7cbba575 memcpy_s _DllMainCRTStartup 54639->54641 54722 25f7cbae014 54639->54722 54642 25f7cbba802 setSBCS _DllMainCRTStartup 54641->54642 54643 25f7cbbe284 malloc 2 API calls 54641->54643 54729 25f7cbbdaa8 RtlAllocateHeap RtlAllocateHeap setSBCS malloc realloc 54641->54729 54642->54540 54643->54641 54646 25f7cbbc399 VirtualFree 54645->54646 54648 
25f7cbbc311 _DllMainCRTStartup 54645->54648 54647 25f7cbb8487 54646->54647 54647->54543 54647->54546 54648->54646 54648->54647 54650 25f7cbbe284 malloc 2 API calls 54649->54650 54651 25f7cbb500d 54650->54651 54652 25f7cbb5015 setSBCS _DllMainCRTStartup 54651->54652 54653 25f7cbbe284 malloc 2 API calls 54651->54653 54652->54583 54654 25f7cbb5021 54653->54654 54654->54652 54690 25f7cbbe244 RtlAllocateHeap RtlAllocateHeap _errno free 54654->54690 54657 25f7cbbe29c _callnewh malloc 54656->54657 54658 25f7cbbe318 _callnewh 54656->54658 54659 25f7cbbe2d4 RtlAllocateHeap 54657->54659 54663 25f7cbbe2fd 54657->54663 54666 25f7cbbe302 54657->54666 54691 25f7cbc0df0 RtlAllocateHeap RtlAllocateHeap _NMSG_WRITE _set_error_mode 54657->54691 54692 25f7cbc0e64 2 API calls 6 library calls 54657->54692 54695 25f7cbc0d18 RtlAllocateHeap RtlAllocateHeap _getptd_noexit 54658->54695 54659->54657 54662 25f7cbbe30d 54659->54662 54662->54585 54693 25f7cbc0d18 RtlAllocateHeap RtlAllocateHeap _getptd_noexit 54663->54693 54694 25f7cbc0d18 RtlAllocateHeap RtlAllocateHeap _getptd_noexit 54666->54694 54668->54587 54669->54589 54670->54591 54671->54593 54672->54599 54673->54603 54674->54611 54676 25f7cbb4c7e _DllMainCRTStartup 54675->54676 54696 25f7cbba0b4 RtlAllocateHeap RtlAllocateHeap _DllMainCRTStartup 54676->54696 54678 25f7cbb4ca8 54697 25f7cbbf44c RtlAllocateHeap RtlAllocateHeap _getptd 54678->54697 54680 25f7cbb4cbf _DllMainCRTStartup 54698 25f7cbb4e28 54680->54698 54682 25f7cbb4d94 setSBCS memcpy_s _DllMainCRTStartup 54707 25f7cbb9bcc RtlAllocateHeap RtlAllocateHeap memcpy_s _DllMainCRTStartup 54682->54707 54684 25f7cbb4df5 54690->54652 54691->54657 54692->54657 54693->54666 54694->54662 54695->54662 54696->54678 54697->54680 54699 25f7cbb4fec _DllMainCRTStartup 2 API calls 54698->54699 54700 25f7cbb4e51 _DllMainCRTStartup 54699->54700 54701 25f7cbb4e9f GetUserNameA 54700->54701 54702 25f7cbb4ec8 54701->54702 54708 25f7cbae008 WSASocketA WSAIoctl closesocket _DllMainCRTStartup 
54702->54708 54704 25f7cbb4ecd strrchr _DllMainCRTStartup 54709 25f7cbbe63c 54704->54709 54706 25f7cbb4fa0 _DllMainCRTStartup 54706->54682 54707->54684 54708->54704 54712 25f7cbbe66e setSBCS 54709->54712 54710 25f7cbbe673 54718 25f7cbc0d18 RtlAllocateHeap RtlAllocateHeap _getptd_noexit 54710->54718 54712->54710 54713 25f7cbbe692 54712->54713 54719 25f7cbc1528 2 API calls 12 library calls 54713->54719 54714 25f7cbbe678 _invalid_parameter_noinfo 54714->54706 54716 25f7cbbe6c2 54716->54714 54720 25f7cbc139c 2 API calls 7 library calls 54716->54720 54718->54714 54719->54716 54720->54714 54721->54639 54730 25f7cbae118 54722->54730 54724 25f7cbae02f WSASocketA 54725 25f7cbae058 WSAIoctl 54724->54725 54726 25f7cbae051 54724->54726 54727 25f7cbae099 closesocket 54725->54727 54726->54641 54727->54726 54729->54641 54731 25f7cbae12c 54730->54731 54731->54724 54732 25f7cbbc1c8 54734 25f7cbbc1fe _DllMainCRTStartup 54732->54734 54733 25f7cbbc2a4 VirtualAlloc 54735 25f7cbbc298 54733->54735 54734->54733 54734->54735 54736 fddb80 54737 fddb86 54736->54737 54737->54736 54740 fddbc0 54737->54740 54739 fddba8 54742 fddbca 54740->54742 54741 fddc05 54743 fddcdb 54741->54743 54744 fddc16 54741->54744 54742->54740 54742->54741 54745 1006320 SetErrorMode 54742->54745 54746 fe57e0 SetErrorMode 54743->54746 54748 fddc4a 54744->54748 54762 fdb5a0 SetErrorMode 54744->54762 54745->54742 54747 fddce5 54746->54747 54747->54739 54750 fe57e0 SetErrorMode 54748->54750 54752 fddcd6 54748->54752 54751 fddcc5 54750->54751 54751->54752 54758 fdddf0 54751->54758 54756 fddd49 54752->54756 54763 fdb800 SetErrorMode 54752->54763 54757 1000880 SetErrorMode 54756->54757 54761 fddd85 54756->54761 54759 fddd70 54757->54759 54764 1006320 SetErrorMode 54758->54764 54765 fdb800 SetErrorMode 54758->54765 54760 1000880 SetErrorMode 54759->54760 54760->54761 54761->54739 54762->54748 54763->54756 54764->54758 54765->54758
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: NameUser_snprintfmallocstrrchr
                                                    • String ID:
                                                    • API String ID: 1238167203-0
                                                    • Opcode ID: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                                    • Instruction ID: 2407c9fd12a776410feb1fce3f77623b2c3b462d958ea5921a43a40441fc8ee2
                                                    • Opcode Fuzzy Hash: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
                                                    • Instruction Fuzzy Hash: B4513130718E080FFA98AB6C995A7A9B2D2F7CD311F50453DF48FC3296D934D846874A
                                                    Strings
                                                    • powrprof.dll, xrefs: 010020B9
                                                    • PowerRegisterSuspendResumeNotification, xrefs: 01002109
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    • Associated: 00000005.00000002.3237468462.0000000000FD0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237593395.0000000001054000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237686029.0000000001145000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237701834.0000000001147000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001148000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.000000000116E000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001174000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.00000000011DC000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237804378.00000000011E0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237817456.00000000011E5000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237832185.00000000011E6000.00000002.00000001.01000000.00000005.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PowerRegisterSuspendResumeNotification$powrprof.dll
                                                    • API String ID: 0-3247360486
                                                    • Opcode ID: 07492b976020eaaae2a050be10ed148c93f9df21de1df5221010a449af43b044
                                                    • Instruction ID: 2dfe0284227ac7822233fd5d2fa22cd56b46d13965876d3194188f65932549c4
                                                    • Opcode Fuzzy Hash: 07492b976020eaaae2a050be10ed148c93f9df21de1df5221010a449af43b044
                                                    • Instruction Fuzzy Hash: EA213736208F84C6EB42DB10F44439AB7A5F78AB80F488116EBCC47BA8DF79C195CB50
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239674052.0000025F7D900000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7D900000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7d900000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID:
                                                    • API String ID: 3472027048-0
                                                    • Opcode ID: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
                                                    • Instruction ID: ca1a3e08a4ab6497be78846f3a3eeeae5c1e73624bec6c835be5da46efe21e8c
                                                    • Opcode Fuzzy Hash: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
                                                    • Instruction Fuzzy Hash: D1512431204E468FC79CCE1C99C5A31B7E6E789306F45D27CD59FDB2AAC930D842C684
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    • Associated: 00000005.00000002.3237468462.0000000000FD0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237593395.0000000001054000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237686029.0000000001145000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237701834.0000000001147000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001148000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.000000000116E000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001174000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.00000000011DC000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237804378.00000000011E0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237817456.00000000011E5000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237832185.00000000011E6000.00000002.00000001.01000000.00000005.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 42dba6737da281719e326556b387c10384a86ac2c7a65cc43267a6b994b79169
                                                    • Instruction ID: e3911d13def0cae82fb52d60d5df1185dceb807009d9216029ae29c9412aede7
                                                    • Opcode Fuzzy Hash: 42dba6737da281719e326556b387c10384a86ac2c7a65cc43267a6b994b79169
                                                    • Instruction Fuzzy Hash: C3218E32608B85D2DA55CB21F4453AAB760F396BE4F449322AEED47B94DB3CC191CB40

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 2459009813-0
                                                    • Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                                    • Instruction ID: 4761b73f13094d02509f8d9c22494944c3281f373ed3e689ce8dfdc910016857
                                                    • Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
                                                    • Instruction Fuzzy Hash: 22819531618A484FEB99EB68DC89BAEF3E5FB98312F40057DF48AC3191DE74D9018785

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: IoctlSocketclosesocket
                                                    • String ID: _Cy
                                                    • API String ID: 3445158922-1085951347
                                                    • Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                                    • Instruction ID: d7562d54279fe2edde95c2f33024e181efbfdd98f5fc5700c86775f33be30f32
                                                    • Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
                                                    • Instruction Fuzzy Hash: D931083060CE884BEBA4DF6C9989B6AB7D5FBA8316F10063EF48EC3291DB34C5118745
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$ConnectOpen
                                                    • String ID:
                                                    • API String ID: 2790792615-0
                                                    • Opcode ID: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                                    • Instruction ID: 27d7ce4c4587ac2deb93d35f5ba394d42452ff687d41c505bcd1fa5e6a741e4f
                                                    • Opcode Fuzzy Hash: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
                                                    • Instruction Fuzzy Hash: E8518030618E044FFB99DF2CD99A769B3D5FB88705F51043DE08AC3292DA7C9906874A
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID:
                                                    • API String ID: 544645111-0
                                                    • Opcode ID: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
                                                    • Instruction ID: 67b331ed444384ef9fbe5431ccc1ddbe4578eda8d8fe7c0b4e2280f5898e7d3c
                                                    • Opcode Fuzzy Hash: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
                                                    • Instruction Fuzzy Hash: CB314B3061CF098FFA98DF5CA999629B7D5F79C311F10013EE04AC3265CB74E941878A
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    • Associated: 00000005.00000002.3237468462.0000000000FD0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237593395.0000000001054000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237686029.0000000001145000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237701834.0000000001147000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001148000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.000000000116E000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.0000000001174000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237717473.00000000011DC000.00000004.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237804378.00000000011E0000.00000002.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237817456.00000000011E5000.00000008.00000001.01000000.00000005.sdmp
                                                    • Associated: 00000005.00000002.3237832185.00000000011E6000.00000002.00000001.01000000.00000005.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    • Opcode ID: a0520eac1ccf24d66fb7d7e56398b906acba0fc96287ccc1e9c1c5cf3b874f96
                                                    • Instruction ID: dbda47c6170d8a3ce6d0771bedb79f9c4ef375ad325ed3dcb054317fe2ba0543
                                                    • Opcode Fuzzy Hash: a0520eac1ccf24d66fb7d7e56398b906acba0fc96287ccc1e9c1c5cf3b874f96
                                                    • Instruction Fuzzy Hash: 76115236601B40D1DB118B1EE44132973B4F388BE4F644665DFAD57794DB29E192C740
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    • Opcode ID: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
                                                    • Instruction ID: 5cd2b56f70d54a2f8a5e5de3459cbbbf39f5294751487525b50e21084cf2354c
                                                    • Opcode Fuzzy Hash: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
                                                    • Instruction Fuzzy Hash: 95310A30618F598FEB95DF9CA99562AB7E1F7AC301F10053EF44AC3261DA74EC418B86
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
                                                    • Instruction ID: ce372e9cc53ee677e6b1241c85e422d709bbf7bf9d1ac1e3d83cfcfd0cf783f0
                                                    • Opcode Fuzzy Hash: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
                                                    • Instruction Fuzzy Hash: A1215170609F488FFBD5DF5CA95872A77E5FB9C312F50093AE44AC32A0C6789980CB45
                                                    Strings
                                                    • -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 00FDB405
                                                    • runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 00FDB3A5
                                                    • lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces, xrefs: 00FDB42F
                                                    • cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc f, xrefs: 00FDB3C5
                                                    • packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dl, xrefs: 00FDB3E5
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc f$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dl$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
                                                    • API String ID: 0-2297701913
                                                    • Opcode ID: af92a64c9f6d4d9c7d16bfea1fbe1651a9243a1dd138ea718c56c4f0b062d045
                                                    • Instruction ID: f1b24ff563da14613d0c2327c080837c37da3610f133eba1110a8f2a5d104be9
                                                    • Opcode Fuzzy Hash: af92a64c9f6d4d9c7d16bfea1fbe1651a9243a1dd138ea718c56c4f0b062d045
                                                    • Instruction Fuzzy Hash: 5D214B32A19F85C6E601EF10E8803ADB768F79EB80F499522DBCD07BA5DF78C4518B51
                                                    Strings
                                                    • runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stac, xrefs: 00FEF527
                                                    • greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 00FEF5EF
                                                    • +]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=, xrefs: 00FEF565
                                                    • marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 00FEF5DE
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: +]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stac
                                                    • API String ID: 0-3934792834
                                                    • Opcode ID: 08377912b86303e8ac9e57a67d7966ccb4961e5da47b38a8f98771e24e22b093
                                                    • Instruction ID: 75220cc66b09ba7991eda47998fe945baf93e74e02516f2ef31eb3a6ea673cc9
                                                    • Opcode Fuzzy Hash: 08377912b86303e8ac9e57a67d7966ccb4961e5da47b38a8f98771e24e22b093
                                                    • Instruction Fuzzy Hash: A061E072A04BC186EB11DF12E8403ADBB69F799B90F845126EFCD07BA5CB78C598D740
                                                    Strings
                                                    • gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackcannot send after transport endpoint shu, xrefs: 00FEFB90
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackcannot send after transport endpoint shu
                                                    • API String ID: 0-656962341
                                                    • Opcode ID: 7c2e61a62e90ead759f417bbe1f1399d545bfdc3c11705be5c66fe3e8241a002
                                                    • Instruction ID: 2f92aedc34a451ffecaa3c59366169e2dd78c66b78b19e3843183193006b4ed0
                                                    • Opcode Fuzzy Hash: 7c2e61a62e90ead759f417bbe1f1399d545bfdc3c11705be5c66fe3e8241a002
                                                    • Instruction Fuzzy Hash: FC21D0F3B02AC542EB058F15D4903E86722E39AFD8F4AA075CF4957756CA68C596C340
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 45fe04ac07d9e4df590570a8f83cb0d84bda1080bc505db192f511de2bdc66ac
                                                    • Instruction ID: f52de41064e4d853f57897e099c202eec499245f86bf0415c8b31cf238ea4714
                                                    • Opcode Fuzzy Hash: 45fe04ac07d9e4df590570a8f83cb0d84bda1080bc505db192f511de2bdc66ac
                                                    • Instruction Fuzzy Hash: E6A13A77618B8882DB108B15F4802AAB7A5F789BE4F545226EFDD53BA9CF7CD051CB00
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b80b28e9f0368e08475e51977a5840c692297971d3256ae9aafaafb66b7952be
                                                    • Instruction ID: 145b650d31f4a5c9d8fca8c0ba5f4c957a46624d1eabbbe4638dc739e091e2c2
                                                    • Opcode Fuzzy Hash: b80b28e9f0368e08475e51977a5840c692297971d3256ae9aafaafb66b7952be
                                                    • Instruction Fuzzy Hash: BF818073618B8882DB108B15E4803AEB762FB9ABC0F445126EF9D57B69CF7CC191D740
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3237532691.0000000000FD1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00FD0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_fd0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 388111225-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                                    • String ID:
                                                    • API String ID: 2644381645-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                                    • String ID:
                                                    • API String ID: 1078912150-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                                    • String ID:
                                                    • API String ID: 2464146582-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                                    • String ID:
                                                    • API String ID: 2140805544-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: free$_errno
                                                    • String ID:
                                                    • API String ID: 2288870239-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: free$malloc$_errno$_callnewh$AllocateHeap
                                                    • String ID:
                                                    • API String ID: 2779598320-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 2917016420-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                                    • String ID:
                                                    • API String ID: 4120058822-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                                    • String ID:
                                                    • API String ID: 2328795619-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                    • String ID:
                                                    • API String ID: 1547050394-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: freemallocstrchr$_errnorand
                                                    • String ID:
                                                    • API String ID: 2126518082-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: free$_errno$_callnewhmalloc$AllocateHeap
                                                    • String ID:
                                                    • API String ID: 4095668141-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: malloc$_snprintf$_errno$AllocateHeap_callnewhfreerealloc
                                                    • String ID:
                                                    • API String ID: 705544021-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$AllocateHeap_callnewh_fseek_nolock_ftelli64fclose
                                                    • String ID:
                                                    • API String ID: 495604859-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _lock$_calloc_crt_mtinitlocknum
                                                    • String ID:
                                                    • API String ID: 3962633935-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: free$_errno$_callnewhmalloc$AllocateHeap
                                                    • String ID:
                                                    • API String ID: 4095668141-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
                                                    • String ID:
                                                    • API String ID: 304646821-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$_snprintffreemalloc$AllocateHeap_callnewh_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3374735158-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _errno$free$AllocateHeap_callnewhfclosefwritemalloc
                                                    • String ID:
                                                    • API String ID: 3186758386-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _getptd_noexit$__doserrno_errno
                                                    • String ID:
                                                    • API String ID: 2964073243-0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.3239172694.0000025F7CBA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000025F7CBA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_25f7cba0000_ImmEnumInputContext9ed8e2f7ae.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: _snprintf
                                                    • String ID:
                                                    • API String ID: 3512837008-0
                                                    • API ID: _errnomalloc$_callnewh$AllocateHeap_invalid_parameter_noinfo_snprintf
                                                    • String ID:
                                                    • API String ID: 3487649172-0
                                                    • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 634798775-0
                                                    • API ID: clock
                                                    • String ID:
                                                    • API String ID: 3195780754-0
                                                    • API ID: _errnofree$_calloc_implcalloc
                                                    • String ID:
                                                    • API String ID: 1251419800-0
                                                    • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                    • String ID: B
                                                    • API String ID: 1812809483-1255198513
                                                    • API ID: free$_errno$AllocateHeap_callnewhmalloc
                                                    • String ID:
                                                    • API String ID: 106865790-0
                                                    • API ID: malloc
                                                    • String ID:
                                                    • API String ID: 2803490479-0